diff options
| author | Frank Meerkoetter <frank.meerkoetter@basyskom.com> | 2015-11-06 10:37:21 +0100 |
|---|---|---|
| committer | Lars Knoll <lars.knoll@theqtcompany.com> | 2015-11-23 12:44:33 +0000 |
| commit | d1de10fa2dce63cf45f7b013d00d1953415d6069 (patch) | |
| tree | 9d665e5d10b602d81b34639524c58d35e57a2b5e /src/qml | |
| parent | 5b82c1b7abc515274e6348136356bbf8f1374e4a (diff) | |
Fix crash related to BoundFunctions
This fix prevents the crash documented in QTBUG-49076.
To quote Erik on the cause of the crash:
Call stack is probably: FunctionPrototype::method_bind ->
BoundFunction::create -> mm::allocObject ->
BoundFunction::BoundFunction -> Heap::FunctionObject ->
(Scoped)FunctionObject::init -> engine::newObject ->
... -> mm::allocObject
The call to Heap::FunctionObject in BoundFunction is the
call to the parent class constructor, which causes an
allocation. But at that point, BoundFunction's target is
still zero-initialised (the real initialization happens
first thing *after* the parent class' constructor is called).
Change-Id: If256f59168867cba9c886642ebaacb1d56801da4
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
Diffstat (limited to 'src/qml')
| -rw-r--r-- | src/qml/jsruntime/qv4functionobject.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4functionobject.cpp b/src/qml/jsruntime/qv4functionobject.cpp index 2944c7b421..be09a58fc9 100644 --- a/src/qml/jsruntime/qv4functionobject.cpp +++ b/src/qml/jsruntime/qv4functionobject.cpp @@ -729,7 +729,8 @@ ReturnedValue BoundFunction::construct(const Managed *that, CallData *dd) void BoundFunction::markObjects(Heap::Base *that, ExecutionEngine *e) { BoundFunction::Data *o = static_cast<BoundFunction::Data *>(that); - o->target->mark(e); + if (o->target) + o->target->mark(e); o->boundThis.mark(e); if (o->boundArgs) o->boundArgs->mark(e); |