From 2a8d1f27df08aa42fae3d9b80abc4a7935d3ba63 Mon Sep 17 00:00:00 2001
From: Erik Verbruggen
Date: Wed, 11 Oct 2017 11:29:21 +0200
Subject: Fix potential crash in codegen

Do more checking for previous errors: evaluating a condition can return an invalid result, because it might bail out because of an error.

Change-Id: I14709e48f00146baac9599320e436abb30acc938
Reviewed-by: Lars Knoll
---
 src/qml/compiler/qv4codegen.cpp | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)
(limited to 'src/qml/compiler/qv4codegen.cpp')
diff --git a/src/qml/compiler/qv4codegen.cpp b/src/qml/compiler/qv4codegen.cpp
index 824cb77e7a..eac107fc16 100644
--- a/src/qml/compiler/qv4codegen.cpp
+++ b/src/qml/compiler/qv4codegen.cpp
@@ -321,21 +321,30 @@ void Codegen::statement(ExpressionNode *ast)
 void Codegen::condition(ExpressionNode *ast, const BytecodeGenerator::Label *iftrue,
                         const BytecodeGenerator::Label *iffalse, bool trueBlockFollowsCondition)
 {
-    if (ast) {
-        Result r(iftrue, iffalse, trueBlockFollowsCondition);
-        qSwap(_expr, r);
-        accept(ast);
-        qSwap(_expr, r);
-        if (r.format() == ex) {
-            Q_ASSERT(iftrue == r.iftrue());
-            Q_ASSERT(iffalse == r.iffalse());
-            bytecodeGenerator->setLocation(ast->firstSourceLocation());
-            r.result().loadInAccumulator();
-            if (r.trueBlockFollowsCondition())
-                bytecodeGenerator->jumpFalse().link(*r.iffalse());
-            else
-                bytecodeGenerator->jumpTrue().link(*r.iftrue());
-        }
+    if (hasError)
+        return;
+
+    if (!ast)
+        return;
+
+    Result r(iftrue, iffalse, trueBlockFollowsCondition);
+    qSwap(_expr, r);
+    accept(ast);
+    qSwap(_expr, r);
+
+    if (hasError)
+        return;
+
+    if (r.format() == ex) {
+        Q_ASSERT(iftrue == r.iftrue());
+        Q_ASSERT(iffalse == r.iffalse());
+        Q_ASSERT(r.result().isValid());
+        bytecodeGenerator->setLocation(ast->firstSourceLocation());
+        r.result().loadInAccumulator();
+        if (r.trueBlockFollowsCondition())
+            bytecodeGenerator->jumpFalse().link(*r.iffalse());
+        else
+            bytecodeGenerator->jumpTrue().link(*r.iftrue());
     }
 }
-- 
cgit v1.2.3
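Review bot: The new `Q_ASSERT(r.result().isValid());` inside the `if (r.format() == ex)` branch is compiled out in release builds, so it does not by itself keep an invalid result away from `r.result().loadInAccumulator()`; the only release-time protection is the `if (hasError) return;` added right after the `accept(ast)` / `qSwap` pair. That is sound only if every visitor path that leaves the Result invalid also sets `hasError`, which this hunk cannot show, so the invariant the assert stands in for deserves a comment on that check, e.g. `// an invalid result means accept() bailed out and set hasError`. The early `if (hasError) return;` at the top of the function also means a condition after an earlier failed statement now emits no jump at all rather than a jump on whatever the result was, which is presumably intended but is worth a one-line comment as well. The whole body of Codegen::condition is inside the hunk.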