From 0dd479fc8d856b94f3be961364ee1bcacea2c961 Mon Sep 17 00:00:00 2001
From: Lars Knoll
Date: Wed, 18 Apr 2018 09:48:58 +0200
Subject: Fix removal of members from the InternalClass

Removing identifiers from the propertyhash could cause subtle issues if there was an identifier that hashed to the same value as the identifier being removed stored in the hash afterwards. This identifier could end up in a state where it could not be found anymore.

Amends ea164ca4a8ec1e5c568ab82c0c4256a841f77bf0

Change-Id: I2881865ee83833b6364d9be55579b8fc7d7c5016
Reviewed-by: Simon Hausmann
---
 src/qml/jsruntime/qv4internalclass.cpp | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/src/qml/jsruntime/qv4internalclass.cpp b/src/qml/jsruntime/qv4internalclass.cpp
index a01e42e817..4c7eb7b185 100644
--- a/src/qml/jsruntime/qv4internalclass.cpp
+++ b/src/qml/jsruntime/qv4internalclass.cpp
@@ -88,19 +88,30 @@ void PropertyHash::addEntry(const PropertyHash::Entry &entry, int classSize)
 
 int PropertyHash::removeIdentifier(Identifier *identifier, int classSize)
 {
-    detach(false, classSize);
-    uint idx = identifier->hashValue % d->alloc;
-    while (1) {
-        if (d->entries[idx].identifier == identifier) {
-            int val = d->entries[idx].index;
-            d->entries[idx] = { nullptr, 0 };
-            return val;
+    int val = -1;
+    PropertyHashData *dd = new PropertyHashData(d->numBits);
+    for (int i = 0; i < d->alloc; ++i) {
+        const Entry &e = d->entries[i];
+        if (!e.identifier || e.index >= static_cast(classSize))
+            continue;
+        if (e.identifier == identifier) {
+            val = e.index;
+            continue;
         }
-
-        ++idx;
-        idx %= d->alloc;
+        uint idx = e.identifier->hashValue % dd->alloc;
+        while (dd->entries[idx].identifier) {
+            ++idx;
+            idx %= dd->alloc;
+        }
+        dd->entries[idx] = e;
     }
-    Q_UNREACHABLE();
+    dd->size = classSize;
+    if (!--d->refCount)
+        delete d;
+    d = dd;
+
+    Q_ASSERT(val != -1);
+    return val;
 }
 
 void PropertyHash::detach(bool grow, int classSize)
--
cgit v1.2.3
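Review bot: `Q_ASSERT(val != -1)` near the end of the hunk compiles out in release builds, so a call with an identifier that is not in the table now silently returns -1 to the caller, whereas the old `while (1)` loop had no non-matching exit; unless every caller checks for that sentinel, the value will be used as if it were a valid slot index. A comment on the return such as `// Returns -1 (asserted against in debug builds) when identifier is not present in the table` would make the contract explicit for callers outside this hunk. Separately, `for (int i = 0; i < d->alloc; ++i)` compares a signed counter with what the `hashValue % d->alloc` line suggests is an unsigned `alloc`; `for (uint i = 0; i < d->alloc; ++i)` avoids the sign-compare warning. The `static_cast(classSize)` on the new filter line appears to have lost its template argument in extraction (presumably `static_cast<uint>`), so it should be checked against the actual source rather than read as a defect here.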