authorLars Knoll <lars.knoll@qt.io>2017-01-25 12:16:54 +0100
committerLars Knoll <lars.knoll@qt.io>2017-01-25 14:16:35 +0000
commit7adf9caa6fd7886e2eead6e8fdc20dea2152a30b (patch)
treee5bd230abe2efc60d11c3a8092f964b0a69d62db /src/qml
parent5ef3265cd46de6579399562429e26961d6f13885 (diff)
Ensure that we never create empty MemberData objects
They don't make sense. Also fixes a crash in test262, where we would pass n == 0 to MemberData::allocate(). Change-Id: Ia95ab6632bd1998afe84a38c38c3c6603230362d Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>
Diffstat (limited to 'src/qml')
-rw-r--r--src/qml/jsruntime/qv4argumentsobject.cpp10
-rw-r--r--src/qml/jsruntime/qv4memberdata.cpp1
-rw-r--r--src/qml/jsruntime/qv4object.cpp2
-rw-r--r--src/qml/qml/qqmlvmemetaobject.cpp9
4 files changed, 14 insertions, 8 deletions
diff --git a/src/qml/jsruntime/qv4argumentsobject.cpp b/src/qml/jsruntime/qv4argumentsobject.cpp
index 5a190d6690..9354bcb1a3 100644
--- a/src/qml/jsruntime/qv4argumentsobject.cpp
+++ b/src/qml/jsruntime/qv4argumentsobject.cpp
@@ -88,10 +88,12 @@ void ArgumentsObject::fullyCreate()
Scope scope(engine());
Scoped<MemberData> md(scope, d()->mappedArguments);
- d()->mappedArguments = md->allocate(engine(), numAccessors);
- for (uint i = 0; i < numAccessors; ++i) {
- d()->mappedArguments->data[i] = context()->callData->args[i];
- arraySet(i, context()->engine->argumentsAccessors + i, Attr_Accessor);
+ if (numAccessors) {
+ d()->mappedArguments = md->allocate(engine(), numAccessors);
+ for (uint i = 0; i < numAccessors; ++i) {
+ d()->mappedArguments->data[i] = context()->callData->args[i];
+ arraySet(i, context()->engine->argumentsAccessors + i, Attr_Accessor);
+ }
}
arrayPut(numAccessors, context()->callData->args + numAccessors, argCount - numAccessors);
for (uint i = numAccessors; i < argCount; ++i)
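Review bot: When `numAccessors` is 0 the new guard leaves `d()->mappedArguments` at whatever it held before, where the old code always replaced it with a fresh (empty) MemberData. Any reader of `mappedArguments->data` or `->size` elsewhere in ArgumentsObject now has to tolerate a null or unchanged member; those readers are outside this hunk, so that should be confirmed rather than assumed. A comment above the guard would record the new invariant, for example `// No MemberData when there are no mapped arguments; mappedArguments may stay null.` fullyCreate()'s body starts and ends outside the hunk.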
diff --git a/src/qml/jsruntime/qv4memberdata.cpp b/src/qml/jsruntime/qv4memberdata.cpp
index f2a24f8179..db45c77472 100644
--- a/src/qml/jsruntime/qv4memberdata.cpp
+++ b/src/qml/jsruntime/qv4memberdata.cpp
@@ -55,6 +55,7 @@ void MemberData::markObjects(Heap::Base *that, ExecutionEngine *e)
Heap::MemberData *MemberData::allocate(ExecutionEngine *e, uint n, Heap::MemberData *old)
{
Q_ASSERT(!old || old->size < n);
+ Q_ASSERT(n);
size_t alloc = MemoryManager::align(sizeof(Heap::MemberData) + (n - 1)*sizeof(Value));
Heap::MemberData *m = e->memoryManager->allocManaged<MemberData>(alloc);
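Review bot: `Q_ASSERT(n)` only protects builds with assertions enabled. In a release build, a caller that still passes n == 0 reaches `(n - 1)*sizeof(Value)` on the next line, where the unsigned `n - 1` wraps and the requested size no longer corresponds to the number of slots. The three call sites patched in this commit are guarded, but other callers are not visible here, so the precondition should at least be documented on the function, e.g. `// Precondition: n > 0; callers must not request an empty MemberData.` If this path is reachable from script-controlled sizes, a check that also holds in release builds would be safer than the assert alone. The function body continues outside the hunk.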
diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp
index 5d6c479477..eb9cb80cee 100644
--- a/src/qml/jsruntime/qv4object.cpp
+++ b/src/qml/jsruntime/qv4object.cpp
@@ -61,7 +61,7 @@ DEFINE_OBJECT_VTABLE(Object);
void Object::setInternalClass(InternalClass *ic)
{
d()->internalClass = ic;
- if (!d()->memberData || (d()->memberData->size < ic->size))
+ if ((!d()->memberData && ic->size) || (d()->memberData->size < ic->size))
d()->memberData = MemberData::allocate(ic->engine, ic->size, d()->memberData);
}
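Review bot: The rewritten condition dereferences a null pointer when `d()->memberData` is null and `ic->size` is 0. In that case `(!d()->memberData && ic->size)` is false, so the right-hand operand `d()->memberData->size < ic->size` is evaluated on the null member. The old form short-circuited on `!d()->memberData` and never reached the dereference. Hoisting the size test keeps the intent of not allocating empty objects and restores the null guard: `if (ic->size && (!d()->memberData || d()->memberData->size < ic->size))`.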
diff --git a/src/qml/qml/qqmlvmemetaobject.cpp b/src/qml/qml/qqmlvmemetaobject.cpp
index 545daa96f8..490a4e19ab 100644
--- a/src/qml/qml/qqmlvmemetaobject.cpp
+++ b/src/qml/qml/qqmlvmemetaobject.cpp
@@ -325,9 +325,12 @@ QQmlVMEMetaObject::QQmlVMEMetaObject(QObject *obj,
if (compiledObject->nProperties || compiledObject->nFunctions) {
Q_ASSERT(cache && cache->engine);
QV4::ExecutionEngine *v4 = cache->engine;
- QV4::Heap::MemberData *data = QV4::MemberData::allocate(v4, compiledObject->nProperties + compiledObject->nFunctions);
- propertyAndMethodStorage.set(v4, data);
- std::fill(data->data, data->data + data->size, QV4::Encode::undefined());
+ uint size = compiledObject->nProperties + compiledObject->nFunctions;
+ if (size) {
+ QV4::Heap::MemberData *data = QV4::MemberData::allocate(v4, size);
+ propertyAndMethodStorage.set(v4, data);
+ std::fill(data->data, data->data + data->size, QV4::Encode::undefined());
+ }
// Need JS wrapper to ensure properties/methods are marked.
ensureQObjectWrapper();
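Review bot: The added `if (size)` can only be false if `compiledObject->nProperties + compiledObject->nFunctions` wraps to exactly 0, because the enclosing condition already requires one of the two counts to be non-zero. If wraparound is the case being defended against, this check misses a wrap to a small non-zero value, which would allocate fewer slots than the counts imply; the field types are not visible here, so this may not be reachable in practice. If the check is purely defensive, a comment saying so would help, e.g. `// size != 0 is implied by the enclosing condition; kept to satisfy MemberData::allocate()'s precondition.` Note also that when the branch is skipped, `propertyAndMethodStorage` stays unset while `ensureQObjectWrapper()` still runs. The constructor continues outside the hunk.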