diff options
author | Simon Hausmann <simon.hausmann@theqtcompany.com> | 2016-04-14 12:40:31 +0200 |
---|---|---|
committer | Simon Hausmann <simon.hausmann@theqtcompany.com> | 2016-04-14 13:49:21 +0000 |
commit | 490ec1ff4e8eecd3abac4796fbe246411205c8d2 (patch) | |
tree | b4e99cf959efabd42ea90a64ab8e850d438c5b50 /tests | |
parent | d7ca86b61e61f9375f3924397155b05e9c67d632 (diff) |
Fix memory corruption when calling Array.unshift()
The dequeue offset won't wrap around when n > offset.
[ChangeLog][QtQml] Fix crash with Array.unshift()
Task-number: QTBUG-52065
Change-Id: I5e8b89ec964cd6397100442a5239254bca989a3f
Reviewed-by: Robin Burchell <robin.burchell@viroteck.net>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/auto/qml/qjsengine/tst_qjsengine.cpp | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp index 35824c6d00..9a0865c0ac 100644 --- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp +++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp @@ -142,6 +142,7 @@ private slots: void functionDeclarationsInConditionals(); void arrayPop_QTBUG_35979(); + void array_unshift_QTBUG_52065(); void regexpLastMatch(); void indexedAccesses(); @@ -2999,6 +3000,20 @@ void tst_QJSEngine::arrayPop_QTBUG_35979() QCOMPARE(result.toString(), QString("1,3")); } +void tst_QJSEngine::array_unshift_QTBUG_52065() +{ + QJSEngine eng; + QJSValue result = eng.evaluate("[1, 2, 3, 4, 5, 6, 7, 8, 9]"); + QJSValue unshift = result.property(QStringLiteral("unshift")); + unshift.callWithInstance(result, QJSValueList() << QJSValue(0)); + + int len = result.property(QStringLiteral("length")).toInt(); + QCOMPARE(len, 10); + + for (int i = 0; i < len; ++i) + QCOMPARE(result.property(i).toInt(), i); +} + void tst_QJSEngine::regexpLastMatch() { QJSEngine eng; |