Fix crash when C++ QJSValue parameterized signal interacts with JS

When converting the parameters of a C++ signal to JS values to provide
to a signal handler written in JS, the conversion of a QJSValue to a
QV4::Value* may yield a null pointer in case of a default constructed
QJSValue for example. This is a regression from commit
aa869cbb06bcf005e238059a2cb0205947ff0b5f and we must check for this.

Task-number: QTBUG-58133
Change-Id: I528b606b2851dfb3072e54902bd8843d31571a55
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

1 files changed, 4 insertions, 1 deletions

diff --git a/src/qml/qml/qqmlboundsignal.cpp b/src/qml/qml/qqmlboundsignal.cpp
index c4af82133a..d207a4908c 100644
--- a/src/qml/qml/qqmlboundsignal.cpp
+++ b/src/qml/qml/qqmlboundsignal.cpp
@@ -199,7 +199,10 @@ void QQmlBoundSignalExpression::evaluate(void **a)
         //    for several cases (such as QVariant type and QObject-derived types)
         //args[ii] = engine->metaTypeToJS(type, a[ii + 1]);
         if (type == qMetaTypeId<QJSValue>()) {
-            callData->args[ii] = *QJSValuePrivate::getValue(reinterpret_cast<QJSValue *>(a[ii + 1]));
+            if (QV4::Value *v4Value = QJSValuePrivate::getValue(reinterpret_cast<QJSValue *>(a[ii + 1])))
+                callData->args[ii] = *v4Value;
+            else
+                callData->args[ii] = QV4::Encode::undefined();
         } else if (type == QMetaType::QVariant) {
             callData->args[ii] = scope.engine->fromVariant(*((QVariant *)a[ii + 1]));
         } else if (type == QMetaType::Int) {