Qml: When cloning a stack frame, also clone its instruction pointer

Otherwise we get an out of range access when looking for the line
number. To be extra safe, we also add another guard against this to the
lineNumber() function.

Pick-to: 6.2 6.3 6.4
Fixes: QTBUG-90466
Change-Id: I4d9cb52ecba2631696537f02a3c1b75c3658ceb8
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

1 files changed, 3 insertions, 3 deletions

diff --git a/src/qml/jsruntime/qv4stackframe.cpp b/src/qml/jsruntime/qv4stackframe.cpp
index ebbfaa23ea..a02ce0edc5 100644
--- a/src/qml/jsruntime/qv4stackframe.cpp
+++ b/src/qml/jsruntime/qv4stackframe.cpp
@@ -19,7 +19,7 @@ QString CppStackFrame::function() const
 
 int CppStackFrame::lineNumber() const
 {
-    if (!v4Function)
+    if (!v4Function || instructionPointer <= 0)
         return -1;
 
     auto findLine = [](const CompiledData::CodeOffsetToLine &entry, uint offset) {
@@ -27,9 +27,9 @@ int CppStackFrame::lineNumber() const
     };
 
     const QV4::CompiledData::Function *cf = v4Function->compiledFunction;
-    uint offset = instructionPointer;
+    const uint offset = instructionPointer;
     const CompiledData::CodeOffsetToLine *lineNumbers = cf->lineNumberTable();
-    uint nLineNumbers = cf->nLineNumbers;
+    const uint nLineNumbers = cf->nLineNumbers;
     const CompiledData::CodeOffsetToLine *line = std::lower_bound(lineNumbers, lineNumbers + nLineNumbers, offset, findLine) - 1;
     return line->line;
 }