V4: Prevent heap objects from getting immediately swept by GC

A destruction handler can cause a new object to be allocated during
garbage collection. Depending on where in the heap the object ends up,
it may be found during the sweep pass. As the mark pass had no chance to
mark the object, we need to set the mark bit right at allocation time in
this case.

Change-Id: Ie43eeb548e78bd375b001b3a6bb4ef6596f91980
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

1 files changed, 14 insertions, 0 deletions

diff --git a/src/qml/memory/qv4mm.cpp b/src/qml/memory/qv4mm.cpp
index 06caf04e5a..0aeeb0ec5b 100644
--- a/src/qml/memory/qv4mm.cpp
+++ b/src/qml/memory/qv4mm.cpp
@@ -790,6 +790,13 @@ Heap::Base *MemoryManager::allocString(std::size_t unmanagedSize)
 
     HeapItem *m = allocate(&blockAllocator, stringSize);
     memset(m, 0, stringSize);
+    if (gcBlocked) {
+        // If the gc is running right now, it will not have a chance to mark the newly created item
+        // and may therefore sweep it right away.
+        // Protect the new object from the current GC run to avoid this.
+        m->as<Heap::Base>()->setMarkBit();
+    }
+
     return *m;
 }
 
@@ -805,6 +812,13 @@ Heap::Base *MemoryManager::allocData(std::size_t size)
 
     HeapItem *m = allocate(&blockAllocator, size);
     memset(m, 0, size);
+    if (gcBlocked) {
+        // If the gc is running right now, it will not have a chance to mark the newly created item
+        // and may therefore sweep it right away.
+        // Protect the new object from the current GC run to avoid this.
+        m->as<Heap::Base>()->setMarkBit();
+    }
+
     return *m;
 }