Fix marking of prototype objects in internal class pool

As per reported bug, we have to protect ourselves against potential loops
and can mark the internal classes much simpler by just walking through
the memory pool they were allocated in.

Task-number: QTBUG-38299
Change-Id: I3ae96e8082e76d06f4321c5aa6d2e9645d2830a0
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

1 files changed, 24 insertions, 0 deletions

diff --git a/src/qml/parser/qqmljsmemorypool_p.h b/src/qml/parser/qqmljsmemorypool_p.h
index 29103930ad..1809f500e3 100644
--- a/src/qml/parser/qqmljsmemorypool_p.h
+++ b/src/qml/parser/qqmljsmemorypool_p.h
@@ -65,6 +65,8 @@ QT_QML_BEGIN_NAMESPACE
 
 namespace QQmlJS {
 
+class Managed;
+
 class QML_PARSER_EXPORT MemoryPool : public QSharedData
 {
     MemoryPool(const MemoryPool &other);
@@ -110,6 +112,28 @@ public:
 
     template <typename _Tp> _Tp *New() { return new (this->allocate(sizeof(_Tp))) _Tp(); }
 
+    template <typename PoolContentType, typename Visitor>
+    void visitManagedPool(Visitor &visitor)
+    {
+        for (int i = 0; i <= _blockCount; ++i) {
+            char *p = _blocks[i];
+            char *end = p + BLOCK_SIZE;
+            if (i == _blockCount) {
+                Q_ASSERT(_ptr <= end);
+                end = _ptr;
+            }
+
+            Q_ASSERT(p <= end);
+
+            const qptrdiff increment = (sizeof(PoolContentType) + 7) & ~7;
+
+            while (p + increment <= end) {
+                visitor(reinterpret_cast<PoolContentType*>(p));
+                p += increment;
+            }
+        }
+    }
+
 private:
     void *allocate_helper(size_t size)
     {