author | Lars Knoll <lars.knoll@qt.io> | 2018-02-15 15:39:01 +0100 |
---|---|---|
committer | Lars Knoll <lars.knoll@qt.io> | 2018-02-15 15:39:01 +0100 |
commit | 16ca5eab9bdd31774dc8e657f217e044640eecff (patch) | |
tree | 9bfcec84ff94fb8f817e6de20b87f86cf86d68a2 /src/qml/jsruntime | |
parent | 421dcfb5792a5ff5e5a9851e0c1edf6e87422680 (diff) |
Fix crash when changing from a simple to a sparse array
After that change, if we ran out of slots in the freeList,
the last entry would point to the first Value in the value
array, not indicating that we ran out of free slots.
Task-number: QTBUG-65828
Change-Id: I3e57bb7a0c2dc29172a485a6ea957b6ab5ac962e
Diffstat (limited to 'src/qml/jsruntime')
-rw-r--r-- | src/qml/jsruntime/qv4arraydata.cpp | 2 | ||||
-rw-r--r-- | src/qml/jsruntime/qv4sparsearray.cpp | 1 | ||||
-rw-r--r-- | src/qml/jsruntime/qv4sparsearray_p.h | 2 |
3 files changed, 3 insertions, 2 deletions
diff --git a/src/qml/jsruntime/qv4arraydata.cpp b/src/qml/jsruntime/qv4arraydata.cpp
index 9b7251f3d0..5e971c8e9b 100644
--- a/src/qml/jsruntime/qv4arraydata.cpp
+++ b/src/qml/jsruntime/qv4arraydata.cpp
@@ -227,8 +227,8 @@ void ArrayData::realloc(Object *o, Type newType, uint requested, bool enforceAtt
 sparse->values.values[i].setEmpty();
 lastFree = &sparse->values.values[i].rawValueRef();
 }
- storeValue(lastFree, UINT_MAX);
 }
+ storeValue(lastFree, UINT_MAX);
 Q_ASSERT(Value::fromReturnedValue(sparse->sparse->freeList).isEmpty()); // ### Could explicitly free the old data
diff --git a/src/qml/jsruntime/qv4sparsearray.cpp b/src/qml/jsruntime/qv4sparsearray.cpp
index b7be66bc31..f295e74adc 100644
--- a/src/qml/jsruntime/qv4sparsearray.cpp
+++ b/src/qml/jsruntime/qv4sparsearray.cpp
@@ -395,6 +395,7 @@ void SparseArray::freeTree(SparseArrayNode *root, int alignment)
 SparseArray::SparseArray() : numEntries(0) {
+ freeList = Primitive::emptyValue(UINT_MAX).asReturnedValue();
 header.p = 0;
 header.left = 0;
 header.right = 0;
diff --git a/src/qml/jsruntime/qv4sparsearray_p.h b/src/qml/jsruntime/qv4sparsearray_p.h
index 6dca1e1a34..ca6abcda89 100644
--- a/src/qml/jsruntime/qv4sparsearray_p.h
+++ b/src/qml/jsruntime/qv4sparsearray_p.h
@@ -151,7 +151,7 @@ struct Q_QML_EXPORT SparseArray
 SparseArray(const SparseArray &other);
- ReturnedValue freeList = 0;
+ ReturnedValue freeList;
 private:
 SparseArray &operator=(const SparseArray &other); |
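Review bot: In qv4arraydata.cpp (hunk at -227), the relocated `storeValue(lastFree, UINT_MAX);` is the whole fix, yet nothing at the call site says why it must now run outside the block that closes just before it. I would add a comment above it such as `// Always terminate the free list; without the UINT_MAX end marker the last entry is taken for a slot in the value array.` The `Q_ASSERT` on the next line checks the invariant only in builds with assertions enabled, and the diffstat lists no test file, so a regression test for the simple-to-sparse conversion from QTBUG-65828 would be worth adding. ArrayData::realloc starts and ends outside the hunk, so where `lastFree` initially points cannot be checked from here.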
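Review bot: In qv4sparsearray.cpp (hunk at -395), the constructor spells the free-list end marker as a bare `UINT_MAX`, and the same literal appears in `storeValue(lastFree, UINT_MAX)` in qv4arraydata.cpp, with nothing tying the two together. Both sites must agree for an empty list to be recognised, so I would at least add `// Empty value holding UINT_MAX = end of free list (no free slots); must match ArrayData::realloc` above the assignment. A shared named constant would be the stronger option. The constructor body continues past the end of the hunk.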
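Review bot: In qv4sparsearray_p.h (hunk at -151), dropping the in-class initializer from `ReturnedValue freeList;` means every constructor must now set the member itself, but the commit only updates the default constructor. The copy constructor `SparseArray(const SparseArray &other)` declared in this hunk's context is defined outside the diff, so confirm it sets `freeList`; if it does not, a copied array would start with an indeterminate free-list head. A comment on the declaration would make that obligation visible, for example `// No default here: every constructor must set freeList (end marker is an empty value holding UINT_MAX)`. The struct starts and ends outside the hunk.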