Merge remote-tracking branch 'origin/5.13' into dev

Change-Id: I5d2c3da38df35922b2147c3c0bc55c6c3bae2fe5

6 files changed, 20 insertions, 12 deletions

diff --git a/src/3rdparty/masm/yarr/YarrParser.h b/src/3rdparty/masm/yarr/YarrParser.h
index f1ffc92189..a18b553ef0 100644
--- a/src/3rdparty/masm/yarr/YarrParser.h
+++ b/src/3rdparty/masm/yarr/YarrParser.h
@@ -703,7 +703,8 @@ private:
         ASSERT(!hasError(m_errorCode));
         ASSERT(min <= max);
 
-        if (min == UINT_MAX) {
+        const unsigned quantifyLimit = 1 << 24;
+        if (min > quantifyLimit || (max != quantifyInfinite && max > quantifyLimit)) {
             m_errorCode = ErrorCode::QuantifierTooLarge;
             return;
         }
diff --git a/src/qml/compiler/qqmlpropertycachecreator_p.h b/src/qml/compiler/qqmlpropertycachecreator_p.h
index 21d653af55..346cfb5803 100644
--- a/src/qml/compiler/qqmlpropertycachecreator_p.h
+++ b/src/qml/compiler/qqmlpropertycachecreator_p.h
@@ -704,8 +704,9 @@ inline QQmlCompileError QQmlPropertyCacheAliasCreator<ObjectContainer>::property
         QVarLengthArray<const QV4::CompiledData::Alias *, 4> seenAliases({lastAlias});
 
         do {
-            const CompiledObject *targetObject = objectContainer->objectAt(
-                    objectForId(component, lastAlias->targetObjectId));
+            const int targetObjectIndex = objectForId(component, lastAlias->targetObjectId);
+            Q_ASSERT(targetObjectIndex >= 0);
+            const CompiledObject *targetObject = objectContainer->objectAt(targetObjectIndex);
             Q_ASSERT(targetObject);
 
             auto nextAlias = targetObject->aliasesBegin();
diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index a0b11c2c51..e10bf3cf79 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -173,7 +173,7 @@ ExecutionEngine::ExecutionEngine(QJSEngine *jsEngine)
         bool ok = false;
         maxCallDepth = qEnvironmentVariableIntValue("QV4_MAX_CALL_DEPTH", &ok);
         if (!ok || maxCallDepth <= 0) {
-#if defined(QT_NO_DEBUG) && !defined(__SANITIZE_ADDRESS__)
+#if defined(QT_NO_DEBUG) && !defined(__SANITIZE_ADDRESS__) && !QT_HAS_FEATURE(address_sanitizer)
             maxCallDepth = 1234;
 #else
             // no (tail call) optimization is done, so there'll be a lot mare stack frames active
diff --git a/src/qml/jsruntime/qv4qmlcontext.cpp b/src/qml/jsruntime/qv4qmlcontext.cpp
index 4e917feb2d..f3351f6da0 100644
--- a/src/qml/jsruntime/qv4qmlcontext.cpp
+++ b/src/qml/jsruntime/qv4qmlcontext.cpp
@@ -457,11 +457,17 @@ ReturnedValue QQmlContextWrapper::resolveQmlContextPropertyLookupGetter(Lookup *
     // into the handler expression through the locals of the call context. So for onClicked: { ... }
     // the parameters of the clicked signal are injected and we must allow for them to be found here
     // before any other property from the QML context.
-    ExecutionContext &ctx = static_cast<ExecutionContext &>(engine->currentStackFrame->jsFrame->context);
-    if (ctx.d()->type == Heap::ExecutionContext::Type_CallContext) {
-        uint index = ctx.d()->internalClass->indexOfValueOrGetter(name);
-        if (index < UINT_MAX)
-            return static_cast<Heap::CallContext*>(ctx.d())->locals[index].asReturnedValue();
+    for (Heap::ExecutionContext *ctx = engine->currentContext()->d(); ctx; ctx = ctx->outer) {
+        if (ctx->type == Heap::ExecutionContext::Type_CallContext) {
+            const uint index = ctx->internalClass->indexOfValueOrGetter(name);
+            if (index < std::numeric_limits<uint>::max())
+                return static_cast<Heap::CallContext *>(ctx)->locals[index].asReturnedValue();
+        }
+
+        // Skip only block contexts within the current call context.
+        // Other contexts need a regular QML property lookup. See below.
+        if (ctx->type != Heap::ExecutionContext::Type_BlockContext)
+            break;
     }
 
     bool hasProperty = false;
diff --git a/src/qmldebug/qqmlprofilerevent_p.h b/src/qmldebug/qqmlprofilerevent_p.h
index 1e205d8dbb..a7e37d1964 100644
--- a/src/qmldebug/qqmlprofilerevent_p.h
+++ b/src/qmldebug/qqmlprofilerevent_p.h
@@ -291,7 +291,7 @@ private:
     squeeze(const Container &numbers)
     {
         typedef typename QIntegerForSize<sizeof(Number) / 2>::Signed Small;
-        foreach (Number item, numbers) {
+        for (Number item : numbers) {
             if (!squeezable<Number, Small>(item))
                 return false;
         }
diff --git a/src/quick/handlers/qquickpinchhandler.cpp b/src/quick/handlers/qquickpinchhandler.cpp
index 4025cd7fbf..a5a867015c 100644
--- a/src/quick/handlers/qquickpinchhandler.cpp
+++ b/src/quick/handlers/qquickpinchhandler.cpp
@@ -279,9 +279,9 @@ void QQuickPinchHandler::onActiveChanged()
             m_startScale = m_accumulatedScale;
             m_startRotation = 0;
         }
-        qCInfo(lcPinchHandler) << "activated with starting scale" << m_startScale << "rotation" << m_startRotation;
+        qCDebug(lcPinchHandler) << "activated with starting scale" << m_startScale << "rotation" << m_startRotation;
     } else {
-        qCInfo(lcPinchHandler) << "deactivated with scale" << m_activeScale << "rotation" << m_activeRotation;
+        qCDebug(lcPinchHandler) << "deactivated with scale" << m_activeScale << "rotation" << m_activeRotation;
     }
 }