Disable tail calls for function called with more arguments than formals

We cannot easily find the required stack space to store the extra
arguments without adding a new stack frame. In principle it would be
possible, but heavily recursing on such functions should be a rare
problem.

Change-Id: I1a53a6d29e37ce67aa7bd64acb7b1f41197e84c0
Fixes: QTBUG-72807
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

1 files changed, 3 insertions, 1 deletions

diff --git a/src/qml/jsruntime/qv4runtime.cpp b/src/qml/jsruntime/qv4runtime.cpp
index 424103cb08..53dd3a66dd 100644
--- a/src/qml/jsruntime/qv4runtime.cpp
+++ b/src/qml/jsruntime/qv4runtime.cpp
@@ -1561,12 +1561,14 @@ ReturnedValue Runtime::method_tailCall(CppStackFrame *frame, ExecutionEngine *en
     const Value &thisObject = tos[StackOffsets::tailCall_thisObject];
     Value *argv = reinterpret_cast<Value *>(frame->jsFrame) + tos[StackOffsets::tailCall_argv].int_32();
     int argc = tos[StackOffsets::tailCall_argc].int_32();
+    Q_ASSERT(argc >= 0);
 
     if (!function.isFunctionObject())
         return engine->throwTypeError();
 
     const FunctionObject &fo = static_cast<const FunctionObject &>(function);
-    if (!frame->callerCanHandleTailCall || !fo.canBeTailCalled() || engine->debugger()) {
+    if (!frame->callerCanHandleTailCall || !fo.canBeTailCalled() || engine->debugger()
+            || unsigned(argc) > fo.formalParameterCount()) {
         // Cannot tailcall, do a normal call:
         return fo.call(&thisObject, argv, argc);
     }