Fix crash when calling hasOwnProperty() on proxy object

Property pointer p needs to be checked for nullptr value in QV4::ProxyObject::virtualGetOwnProperty(). This can happen when calling hasOwnProperty() or propertyIsEnumerable(). Fixes: QTBUG-88786 Pick-to: 6.0 5.15 Change-Id: I43da58fed4d8656f9187213f7317f17398739e34 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
author: Richard Weickelt <richard@weickelt.de> 2020-11-24 01:14:28 +0100
committer: Richard Weickelt <richard@weickelt.de> 2020-11-24 21:38:19 +0100
commit: 9b321a34490cd17c0eb043b69bd7c9d8d8f513d5 (patch)
tree: f2c36d6d8686fd7e1e273f5eaca8beea368aea04 /tests/auto/qml/qqmlecmascript
parent: 3b2dacbf3da0c9725a5408b0b956ef15cde3f947 (diff)
1 files changed, 30 insertions, 1 deletions
diff --git a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
index 03fc8e5ad4..d7cb85a75d 100644
--- a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
+++ b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
@@ -392,7 +392,7 @@ private slots:
     void urlSearchParamsMethods();
     void variantConversionMethod();
     void sequenceConversionMethod();
-
+    void proxyHandlerTraps();
     void gcCrashRegressionTest();
 
 private:
@@ -9512,6 +9512,35 @@ void tst_qqmlecmascript::sequenceConversionMethod()
     QCOMPARE(obj.funcCalled, QLatin1String("stringlist"));
 }
 
+void tst_qqmlecmascript::proxyHandlerTraps()
+{
+    const QString expression = QStringLiteral(R"SNIPPET(
+        (function(){
+            const target = {
+                prop: 47
+            };
+            const handler = {
+                getOwnPropertyDescriptor(target, prop) {
+                    return { configurable: true, enumerable: true, value: 47 };
+                }
+            };
+            const proxy = new Proxy(target, handler);
+
+            // QTBUG-88786
+            if (!proxy.propertyIsEnumerable("prop"))
+                throw Error("FAIL: propertyisEnumerable");
+            if (!proxy.hasOwnProperty("prop"))
+                throw Error("FAIL: hasOwnProperty");
+
+            return "SUCCESS";
+        })()
+    )SNIPPET");
+
+    QJSEngine engine;
+    QJSValue value = engine.evaluate(expression);
+    QVERIFY(value.isString() && value.toString() == QStringLiteral("SUCCESS"));
+}
+
 QTEST_MAIN(tst_qqmlecmascript)
 
 #include "tst_qqmlecmascript.moc"
author	Richard Weickelt <richard@weickelt.de>	2020-11-24 01:14:28 +0100
committer	Richard Weickelt <richard@weickelt.de>	2020-11-24 21:38:19 +0100
commit	9b321a34490cd17c0eb043b69bd7c9d8d8f513d5 (patch)
tree	f2c36d6d8686fd7e1e273f5eaca8beea368aea04 /tests/auto/qml/qqmlecmascript
parent	3b2dacbf3da0c9725a5408b0b956ef15cde3f947 (diff)