Fix a crash in setInternalClass

Revealed by the ES6 testsuite, ./test/built-ins/Object/freeze/15.2.3.9-2-1.js and probably others. We cannot unconditionally dereference memberData, it may not always exist. ES6 tests test/built-ins/Object/freeze before: === Summary === - Ran 92 tests - Passed 66 tests (71.7%) - Failed 26 tests (28.3%) after: === Summary === - Ran 92 tests - Passed 90 tests (97.8%) - Failed 2 tests (2.2%) Change-Id: I22a6c9ca081394ba15edfde09f73769eb3ce47b3 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io> Reviewed-by: Lars Knoll <lars.knoll@qt.io>
author: Robin Burchell <robin.burchell@crimson.no> 2017-02-03 08:45:12 +0100
committer: Simon Hausmann <simon.hausmann@qt.io> 2017-02-03 12:48:40 +0000
commit: b7090f1334ac7b8ad2548f084c749eda4fa82451 (patch)
tree: 3187ecc4d3c68e387278b5df8b153a14daf149e7 /src
parent: 790cfb2bb26990c8345c860d6a23e4116df92f48 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp
index 2f664c6398..12157af728 100644
--- a/src/qml/jsruntime/qv4object.cpp
+++ b/src/qml/jsruntime/qv4object.cpp
@@ -61,7 +61,8 @@ DEFINE_OBJECT_VTABLE(Object);
 void Object::setInternalClass(InternalClass *ic)
 {
     d()->internalClass = ic;
-    if ((!d()->memberData && ic->size) || (d()->memberData->size < ic->size))
+    bool hasMD = d()->memberData != nullptr;
+    if ((!hasMD && ic->size) || (hasMD && d()->memberData->size < ic->size))
         d()->memberData = MemberData::allocate(ic->engine, ic->size, d()->memberData);
 }
author	Robin Burchell <robin.burchell@crimson.no>	2017-02-03 08:45:12 +0100
committer	Simon Hausmann <simon.hausmann@qt.io>	2017-02-03 12:48:40 +0000
commit	b7090f1334ac7b8ad2548f084c749eda4fa82451 (patch)
tree	3187ecc4d3c68e387278b5df8b153a14daf149e7 /src
parent	790cfb2bb26990c8345c860d6a23e4116df92f48 (diff)