path: root/src/qml/jsruntime/qv4script.cpp
authorSimon Hausmann <simon.hausmann@qt.io>2018-04-27 15:47:52 +0200
committerLars Knoll <lars.knoll@qt.io>2018-05-02 14:20:55 +0000
commit0ee2d9be1f8ab706a193e4f0cf095ee79e8210a8 (patch)
tree68865b1453d49b14072e515bc6e5472e00898a92 /src/qml/jsruntime/qv4script.cpp
parentbe425637ce661b1e8c980d56495022e529d36dff (diff)
Fix heap-use-after-free
Commit a1e5364b492610adf0636fefa3fc400558e211b6 introduced the use of AST elements at qml compilation unit generation time, which uncovered the issue that for scripts imported from qml files, the memory pool for the AST was local to QV4::Script::precompile. Therefore the memory where the AST was stored was freed when precompile() returned, and any use of the AST after ::precompile() would produce ASAN heap-use-after-free errors. There's no good reason for Script::precompile to have its own local memory pool, so the caller's QQmlJS::Engine (and its memory pool) is passed in instead. Change-Id: I4f8eb5ee4e9d62d8874241bc95fc71a912e26cea Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Diffstat (limited to 'src/qml/jsruntime/qv4script.cpp')
-rw-r--r--src/qml/jsruntime/qv4script.cpp11
1 files changed, 4 insertions, 7 deletions
diff --git a/src/qml/jsruntime/qv4script.cpp b/src/qml/jsruntime/qv4script.cpp
index daff1c659a..ca6e4c50b1 100644
--- a/src/qml/jsruntime/qv4script.cpp
+++ b/src/qml/jsruntime/qv4script.cpp
@@ -170,19 +170,16 @@ Function *Script::function()
return vmFunction;
}
-QQmlRefPointer<QV4::CompiledData::CompilationUnit> Script::precompile(QV4::Compiler::Module *module, Compiler::JSUnitGenerator *unitGenerator,
+QQmlRefPointer<QV4::CompiledData::CompilationUnit> Script::precompile(QV4::Compiler::Module *module, QQmlJS::Engine *jsEngine, Compiler::JSUnitGenerator *unitGenerator,
const QString &fileName, const QString &finalUrl, const QString &source,
- QList<QQmlError> *reportedErrors, Directives *directivesCollector)
+ QList<QQmlError> *reportedErrors)
{
using namespace QV4::Compiler;
using namespace QQmlJS::AST;
- Engine ee;
- if (directivesCollector)
- ee.setDirectives(directivesCollector);
- Lexer lexer(&ee);
+ Lexer lexer(jsEngine);
lexer.setCode(source, /*line*/1, /*qml mode*/false);
- Parser parser(&ee);
+ Parser parser(jsEngine);
parser.parseProgram();