From 4199572d64d46bfa2efdcf7c910e81e5b8fb5547 Mon Sep 17 00:00:00 2001
From: Dmitry Shachnev <mitya57@gmail.com>
Date: Fri, 16 Jun 2017 22:51:57 +0300
Subject: Fix QML compiler crashes on big endian systems

Commit be491913c036b148 changed QV4::CompiledData::Unit to use LEUInt32
structures internally, rather than native uints, however the generators
were not updated at that time and still wrote native uints.

Also initialize constants field of CompilationUnit to prevent crashes
in unlink() where operator delete[] is called.

Change-Id: Id6c6e6ad519c9927ba6027479689ecfde9ea86de
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/compiler/qqmlirbuilder.cpp   |  8 ++++----
 src/qml/compiler/qv4compileddata.cpp |  2 ++
 src/qml/compiler/qv4compiler.cpp     | 10 +++++-----
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/qml/compiler/qqmlirbuilder.cpp b/src/qml/compiler/qqmlirbuilder.cpp
index 57cb4c607c..03a71768d8 100644
--- a/src/qml/compiler/qqmlirbuilder.cpp
+++ b/src/qml/compiler/qqmlirbuilder.cpp
@@ -1425,7 +1425,7 @@ QV4::CompiledData::Unit *QmlUnitGenerator::generate(Document &output, const QV4:
     }
 
     // write objects
-    quint32 *objectTable = reinterpret_cast<quint32*>(data + qmlUnit->offsetToObjects);
+    QV4::CompiledData::LEUInt32 *objectTable = reinterpret_cast<QV4::CompiledData::LEUInt32*>(data + qmlUnit->offsetToObjects);
     char *objectPtr = data + qmlUnit->offsetToObjects + objectOffsetTableSize;
     for (int i = 0; i < output.objects.count(); ++i) {
         const Object *o = output.objects.at(i);
@@ -1467,7 +1467,7 @@ QV4::CompiledData::Unit *QmlUnitGenerator::generate(Document &output, const QV4:
         objectToWrite->offsetToNamedObjectsInComponent = nextOffset;
         nextOffset += objectToWrite->nNamedObjectsInComponent * sizeof(quint32);
 
-        quint32 *functionsTable = reinterpret_cast<quint32*>(objectPtr + objectToWrite->offsetToFunctions);
+        QV4::CompiledData::LEUInt32 *functionsTable = reinterpret_cast<QV4::CompiledData::LEUInt32*>(objectPtr + objectToWrite->offsetToFunctions);
         for (const Function *f = o->firstFunction(); f; f = f->next)
             *functionsTable++ = o->runtimeFunctionIndices.at(f->index);
 
@@ -1493,7 +1493,7 @@ QV4::CompiledData::Unit *QmlUnitGenerator::generate(Document &output, const QV4:
         bindingPtr = writeBindings(bindingPtr, o, &QV4::CompiledData::Binding::isValueBindingToAlias);
         Q_ASSERT((bindingPtr - objectToWrite->offsetToBindings - objectPtr) / sizeof(QV4::CompiledData::Binding) == unsigned(o->bindingCount()));
 
-        quint32 *signalOffsetTable = reinterpret_cast<quint32*>(objectPtr + objectToWrite->offsetToSignals);
+        QV4::CompiledData::LEUInt32 *signalOffsetTable = reinterpret_cast<QV4::CompiledData::LEUInt32*>(objectPtr + objectToWrite->offsetToSignals);
         quint32 signalTableSize = 0;
         char *signalPtr = objectPtr + nextOffset;
         for (const Signal *s = o->firstSignal(); s; s = s->next) {
@@ -1513,7 +1513,7 @@ QV4::CompiledData::Unit *QmlUnitGenerator::generate(Document &output, const QV4:
             signalPtr += size;
         }
 
-        quint32 *namedObjectInComponentPtr = reinterpret_cast<quint32*>(objectPtr + objectToWrite->offsetToNamedObjectsInComponent);
+        QV4::CompiledData::LEUInt32 *namedObjectInComponentPtr = reinterpret_cast<QV4::CompiledData::LEUInt32*>(objectPtr + objectToWrite->offsetToNamedObjectsInComponent);
         for (int i = 0; i < o->namedObjectsInComponent.count; ++i) {
             *namedObjectInComponentPtr++ = o->namedObjectsInComponent.at(i);
         }
diff --git a/src/qml/compiler/qv4compileddata.cpp b/src/qml/compiler/qv4compileddata.cpp
index 485a5e6fb7..db707061fe 100644
--- a/src/qml/compiler/qv4compileddata.cpp
+++ b/src/qml/compiler/qv4compileddata.cpp
@@ -99,6 +99,7 @@ CompilationUnit::CompilationUnit()
     , runtimeLookups(0)
     , runtimeRegularExpressions(0)
     , runtimeClasses(0)
+    , constants(nullptr)
     , totalBindingsCount(0)
     , totalParserStatusCount(0)
     , totalObjectCount(0)
@@ -239,6 +240,7 @@ void CompilationUnit::unlink()
     runtimeFunctions.clear();
 #if Q_BYTE_ORDER == Q_BIG_ENDIAN
     delete [] constants;
+    constants = nullptr;
 #endif
 }
 
diff --git a/src/qml/compiler/qv4compiler.cpp b/src/qml/compiler/qv4compiler.cpp
index e32749bbf7..de1b835edb 100644
--- a/src/qml/compiler/qv4compiler.cpp
+++ b/src/qml/compiler/qv4compiler.cpp
@@ -335,29 +335,29 @@ void QV4::Compiler::JSUnitGenerator::writeFunction(char *f, QV4::IR::Function *i
     function->codeSize = 0;
 
     // write formals
-    quint32 *formals = (quint32 *)(f + function->formalsOffset);
+    CompiledData::LEUInt32 *formals = (CompiledData::LEUInt32 *)(f + function->formalsOffset);
     for (int i = 0; i < irFunction->formals.size(); ++i)
         formals[i] = getStringId(*irFunction->formals.at(i));
 
     // write locals
-    quint32 *locals = (quint32 *)(f + function->localsOffset);
+    CompiledData::LEUInt32 *locals = (CompiledData::LEUInt32 *)(f + function->localsOffset);
     for (int i = 0; i < irFunction->locals.size(); ++i)
         locals[i] = getStringId(*irFunction->locals.at(i));
 
     // write QML dependencies
-    quint32 *writtenDeps = (quint32 *)(f + function->dependingIdObjectsOffset);
+    CompiledData::LEUInt32 *writtenDeps = (CompiledData::LEUInt32 *)(f + function->dependingIdObjectsOffset);
     for (int id : irFunction->idObjectDependencies) {
         Q_ASSERT(id >= 0);
         *writtenDeps++ = static_cast<quint32>(id);
     }
 
-    writtenDeps = (quint32 *)(f + function->dependingContextPropertiesOffset);
+    writtenDeps = (CompiledData::LEUInt32 *)(f + function->dependingContextPropertiesOffset);
     for (auto property : irFunction->contextObjectPropertyDependencies) {
         *writtenDeps++ = property.key(); // property index
         *writtenDeps++ = property.value(); // notify index
     }
 
-    writtenDeps = (quint32 *)(f + function->dependingScopePropertiesOffset);
+    writtenDeps = (CompiledData::LEUInt32 *)(f + function->dependingScopePropertiesOffset);
     for (auto property : irFunction->scopeObjectPropertyDependencies) {
         *writtenDeps++ = property.key(); // property index
         *writtenDeps++ = property.value(); // notify index
-- 
cgit v1.2.3


From 525de4ff29cfefd9f676ba35a4e8d7494e5198c2 Mon Sep 17 00:00:00 2001
From: Antti Kokko <antti.kokko@qt.io>
Date: Mon, 19 Jun 2017 11:45:22 +0300
Subject: Add changes file for 5.9.1

Change-Id: I71dbd595c0d718bf470aa7d890d90cebf0f98abd
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: J-P Nurmi <jpnurmi@qt.io>
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
---
 dist/changes-5.9.1 | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 dist/changes-5.9.1

diff --git a/dist/changes-5.9.1 b/dist/changes-5.9.1
new file mode 100644
index 0000000000..971b1832c8
--- /dev/null
+++ b/dist/changes-5.9.1
@@ -0,0 +1,83 @@
+Qt 5.9.1 is a bug-fix release. It maintains both forward and backward
+compatibility (source and binary) with Qt 5.9.0.
+
+For more details, refer to the online documentation included in this
+distribution. The documentation is also available online:
+
+http://doc.qt.io/qt-5/index.html
+
+The Qt version 5.9 series is binary compatible with the 5.8.x series.
+Applications compiled for 5.8 will continue to run with 5.9.
+
+Some of the changes listed in this file include issue tracking numbers
+corresponding to tasks in the Qt Bug Tracker:
+
+https://bugreports.qt.io/
+
+Each of these identifiers can be entered in the bug tracker to obtain more
+information about a particular change.
+
+****************************************************************************
+*                               Qt 5.9.1 Changes                           *
+****************************************************************************
+
+QtQml
+-----
+
+ - Fixed the QML Connections element ignoring the initial state of the
+   enabled property.
+
+ - Fixed QML crashes on big endian systems.
+
+ - Fixed memory leak in QQmlExpression.
+
+
+ - Various performance and memory consumption improvements
+    - Make sure the garbage collector returns completely free memory blocks
+      to the operating system.
+    - Reduce size of JavaScript objects
+    - Optimize JS property storage to make better use of the available
+      memory
+    - Reduce the size of the generated byte code when using the bytecode
+      interpreter
+    - Reduce memory usage of the JIT by creating more compact code
+    - Optimize code generation for JS expressions of type 'foo[bar]'
+
+ - Applied workaround for miscompilation with gcc 5.
+
+ - Fixed some cases where qml cache files would be ignored
+
+ - Don't generate QML cache files ahead of time on Android, as it causes
+   problems on some phones.
+
+
+QtQuick
+-------
+
+ - QQuickItemView:
+   * [QTBUG-48394][QTBUG-61294] Fixed a crash that could occur with bindings
+     to contentItem.children or contentItem.childrenRect.
+
+ - QQuickView:
+   * Set the window's contentItem as the QObject-parent of the rootObject
+     to ensure consistent behavior for calling findChildren() on
+     QQuickWindow::contentItem and QQuickView::rootObject.
+
+- QQuickWidget:
+  * [QTBUG-60985] Fixed rendering in QMdiArea when using the software
+    rendererer.
+  * [QTBUG-60988] Fixed the delivery of shortcut override events.
+
+ - QQuickWindow:
+   * Set the window as the QObject-parent of the contentItem to ensure
+     consistent behavior for calling findChildren() on QQuickWindow and
+     QQuickWindow::contentItem.
+
+QuickTest
+---------
+
+ - TestCase:
+   * [QTBUG-61297] Fixed compare() for URL objects.
+   * [QTBUG-32555] Made compare() print out dates' milliseconds to make it
+     possible to see why a comparison of two dates fails when only their
+     milliseconds differ.
-- 
cgit v1.2.3