From 49cf23bd2a14e2ca7236b261d7960588f07f5a0b Mon Sep 17 00:00:00 2001
From: Fabian Kosmale
Date: Mon, 6 Jan 2020 16:25:17 +0100
Subject: QV4: Array.includes: Support large arrays

Creating new ScopedValues in the loop was quite wasteful, and would trigger a crash. We now simply reuse the ScopedValue.

Fixes: QTBUG-81104
Change-Id: Ie1efd144886861a21c8f6827d7fd23699a1e0dcc
Reviewed-by: Ulf Hermann
---
 src/qml/jsruntime/qv4arrayobject.cpp | 3 ++-
 tests/auto/qml/qjsengine/tst_qjsengine.cpp | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/qml/jsruntime/qv4arrayobject.cpp b/src/qml/jsruntime/qv4arrayobject.cpp
index af1a2d1de0..7b38bf34b1 100644
--- a/src/qml/jsruntime/qv4arrayobject.cpp
+++ b/src/qml/jsruntime/qv4arrayobject.cpp
@@ -1050,8 +1050,9 @@ ReturnedValue ArrayPrototype::method_includes(const FunctionObject *b, const Val
 }
 }
+ ScopedValue val(scope);
 while (k < len) {
- ScopedValue val(scope, instance->get(k));
+ val = instance->get(k);
 if (val->sameValueZero(argv[0])) {
 return Encode(true);
 }
diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
index e59114a327..56d2ce8730 100644
--- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp
+++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
@@ -257,6 +257,7 @@ private slots:
 void compileBrokenRegexp();
 void tostringRecursionCheck();
+ void arrayIncludesWithLargeArray();
 public:
 Q_INVOKABLE QJSValue throwingCppMethod1();
@@ -5042,6 +5043,17 @@ void tst_QJSEngine::tostringRecursionCheck()
 QCOMPARE(value.toString(), QLatin1String("RangeError: Maximum call stack size exceeded."));
 }
+void tst_QJSEngine::arrayIncludesWithLargeArray()
+{
+ QJSEngine engine;
+ auto value = engine.evaluate(R"js(
+ let arr = new Array(10000000)
+ arr.includes(42)
+ )js");
+ QVERIFY(value.isBool());
+ QCOMPARE(value.toBool(), false);
+}
+
 QTEST_MAIN(tst_QJSEngine)
 #include "tst_qjsengine.moc"
--
cgit v1.2.3
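Review bot: The hoisted `ScopedValue val(scope);` in the first hunk (qv4arrayobject.cpp) carries no comment saying why it sits outside the loop, so a later cleanup that narrows its scope would silently bring back the crash from QTBUG-81104. Because the array length is chosen by the script, that crash is reachable from any script the engine evaluates; I would add `// Declared once: a ScopedValue constructed per iteration presumably takes a fresh slot from scope each time and crashes on large arrays (QTBUG-81104).` above the declaration. Separately, the visible lines do not check for a pending exception after `instance->get(k)`; if get() can run script here (an accessor or proxy), the loop would presumably keep iterating after a throw, which is worth confirming. The body of method_includes starts and ends outside the hunk, so both points rest on the visible lines only.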
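Review bot: arrayIncludesWithLargeArray() in the last hunk only walks holes and only checks the miss result, so it never observes the reused `val` holding a real element after many reassignments. A second evaluation at the same size that sets the final element, e.g. `arr[arr.length - 1] = 42` before `arr.includes(42)`, checked with `QCOMPARE(value.toBool(), true);`, would pin the hit path as well. A short comment that a regression shows up as a crash of the test process, not as a failed comparison, would also help whoever triages it.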