diff options
| author | Lars Knoll <lars.knoll@digia.com> | 2013-09-20 15:13:14 +0200 |
|---|---|---|
| committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-09-22 15:29:00 +0200 |
| commit | 1fb3cd12c8cdc76d1986736fbd60b5810cc17045 (patch) | |
| tree | 700e7e2d29231a57c945e53fe71e2ab2250e8f2a /src/qml/qml/v8 | |
| parent | 47bf40dd49f90b52cc1b545b2be3035d48d6199e (diff) | |
Fix cases where mark() would access uninitialized memory
Change-Id: I4e07e20d30ba57759a0ece1c298a02b098718b33
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
Diffstat (limited to 'src/qml/qml/v8')
| -rw-r--r-- | src/qml/qml/v8/qv8engine.cpp | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/src/qml/qml/v8/qv8engine.cpp b/src/qml/qml/v8/qv8engine.cpp index 70c3104ffa..b62e2150af 100644 --- a/src/qml/qml/v8/qv8engine.cpp +++ b/src/qml/qml/v8/qv8engine.cpp @@ -187,9 +187,10 @@ static QV4::ReturnedValue arrayFromStringList(QV8Engine *engine, const QStringLi QV4::Scoped<QV4::ArrayObject> a(scope, e->newArrayObject()); int len = list.count(); a->arrayReserve(len); - a->arrayDataLen = len; - for (int ii = 0; ii < len; ++ii) + for (int ii = 0; ii < len; ++ii) { a->arrayData[ii].value = QV4::Value::fromString(e->newString(list.at(ii))); + a->arrayDataLen = ii + 1; + } a->setArrayLengthUnchecked(len); return a.asReturnedValue(); } @@ -201,9 +202,10 @@ static QV4::ReturnedValue arrayFromVariantList(QV8Engine *engine, const QVariant QV4::Scoped<QV4::ArrayObject> a(scope, e->newArrayObject()); int len = list.count(); a->arrayReserve(len); - a->arrayDataLen = len; - for (int ii = 0; ii < len; ++ii) + for (int ii = 0; ii < len; ++ii) { a->arrayData[ii].value = QV4::Value::fromReturnedValue(engine->fromVariant(list.at(ii))); + a->arrayDataLen = ii + 1; + } a->setArrayLengthUnchecked(len); return a.asReturnedValue(); } @@ -314,9 +316,10 @@ QV4::ReturnedValue QV8Engine::fromVariant(const QVariant &variant) const QList<QObject *> &list = *(QList<QObject *>*)ptr; QV4::Scoped<QV4::ArrayObject> a(scope, m_v4Engine->newArrayObject()); a->arrayReserve(list.count()); - a->arrayDataLen = list.count(); - for (int ii = 0; ii < list.count(); ++ii) + for (int ii = 0; ii < list.count(); ++ii) { a->arrayData[ii].value = QV4::Value::fromReturnedValue(QV4::QObjectWrapper::wrap(m_v4Engine, list.at(ii))); + a->arrayDataLen = ii + 1; + } a->setArrayLengthUnchecked(list.count()); return a.asReturnedValue(); } else if (QMetaType::typeFlags(type) & QMetaType::PointerToQObject) { @@ -524,9 +527,10 @@ QV4::ReturnedValue QV8Engine::variantListToJS(const QVariantList &lst) QV4::Scope scope(m_v4Engine); QV4::Scoped<QV4::ArrayObject> a(scope, m_v4Engine->newArrayObject()); a->arrayReserve(lst.size()); - a->arrayDataLen = lst.size(); - for (int i = 0; i < lst.size(); i++) + for (int i = 0; i < lst.size(); i++) { a->arrayData[i].value = QV4::Value::fromReturnedValue(variantToJS(lst.at(i))); + a->arrayDataLen = i + 1; + } a->setArrayLengthUnchecked(lst.size()); return a.asReturnedValue(); } |