From a6fb18f1865aff8b96dfba1e341019371b5fa9f2 Mon Sep 17 00:00:00 2001
From: Simon Hausmann
Date: Tue, 28 Apr 2015 16:53:37 +0200
Subject: Fix uninitialized variables/data

* Initialize the indexOfRootObject member
* When creating the QV4::CompiledData::String objects, don't include the one ushort _beyond_ the QString, which is random data.

Change-Id: I8fe8a465e2713a385504f217b367a62b70ee5fdf
Reviewed-by: Lars Knoll
---
 src/qml/compiler/qqmlirbuilder.cpp | 1 +
 src/qml/compiler/qv4compileddata_p.h | 2 +-
 src/qml/compiler/qv4compiler.cpp | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/qml/compiler')

diff --git a/src/qml/compiler/qqmlirbuilder.cpp b/src/qml/compiler/qqmlirbuilder.cpp
index e5d97341b9..c645a29b15 100644
--- a/src/qml/compiler/qqmlirbuilder.cpp
+++ b/src/qml/compiler/qqmlirbuilder.cpp
@@ -290,6 +290,7 @@ void Document::removeScriptPragmas(QString &script)
 Document::Document(bool debugMode)
     : jsModule(debugMode)
     , program(0)
+    , indexOfRootObject(0)
     , jsGenerator(&jsModule)
     , unitFlags(0)
 {
diff --git a/src/qml/compiler/qv4compileddata_p.h b/src/qml/compiler/qv4compileddata_p.h
index f46e27fe98..48324fbbc4 100644
--- a/src/qml/compiler/qv4compileddata_p.h
+++ b/src/qml/compiler/qv4compileddata_p.h
@@ -135,7 +135,7 @@ struct String
     // uint16 strdata[]
     static int calculateSize(const QString &str) {
-        return (sizeof(String) + (str.length() + 1) * sizeof(quint16) + 7) & ~0x7;
+        return (sizeof(String) + str.length() * sizeof(quint16) + 7) & ~0x7;
     }
 };
diff --git a/src/qml/compiler/qv4compiler.cpp b/src/qml/compiler/qv4compiler.cpp
index 285c0070ef..450889c275 100644
--- a/src/qml/compiler/qv4compiler.cpp
+++ b/src/qml/compiler/qv4compiler.cpp
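Review bot: `indexOfRootObject(0)` makes the member deterministic, but if 0 is also a legitimate object index (object indices presumably start at 0) the field still cannot distinguish "root not yet defined" from "root is object 0", so nothing downstream can assert on it. A one-line comment on the member's declaration (outside this hunk, in the header) such as `// index into the object table; 0 until the IR builder defines the root object` would keep that explicit. The initializer list must also follow the declaration order in the header to stay -Wreorder clean, which the hunk does not show. Document::Document's body continues outside the hunk.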
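Review bot: Dropping the extra quint16 from `calculateSize` changes the data contract of the serialized unit: `strdata` is no longer NUL-terminated, so any reader that builds a string from `s + 1` without consulting `size` would now read past the slot; I can't see the readers from here, so that needs confirming. The matching `memcpy` in qv4compiler.cpp is changed in the same commit and the two must stay in lock step, since the copy must never exceed what `calculateSize` reserves. A comment above the method, `// strdata is not null-terminated: readers must use String::size; keep in sync with StringTableGenerator::serialize()`, would prevent either side drifting. Note also that `str.length()` is a signed int mixed into size_t arithmetic and narrowed back to `int` on return, which is fine for realistic lengths but worth stating. `struct String` begins outside the hunk.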
@@ -78,7 +78,7 @@ void QV4::Compiler::StringTableGenerator::serialize(CompiledData::Unit *unit)
         QV4::CompiledData::String *s = (QV4::CompiledData::String*)(stringData);
         s->flags = 0; // ###
         s->size = qstr.length();
-        memcpy(s + 1, qstr.constData(), (qstr.length() + 1)*sizeof(ushort));
+        memcpy(s + 1, qstr.constData(), qstr.length()*sizeof(ushort));
         stringData += QV4::CompiledData::String::calculateSize(qstr);
     }
 }
-- 
cgit v1.2.3

From 2fdb6eba0a58b629db32f9eefec2f26df08d3d2e Mon Sep 17 00:00:00 2001
From: Simon Hausmann
Date: Thu, 30 Apr 2015 13:20:43 +0200
Subject: Fix passing of locals as function arguments with side-effects

Commit 75c22465cf8fe262edfe6178bb9ca19661fb710e regressed in allowing locals and arguments to be passed directly as further arguments to function calls, but that's incorrect when considering
var i = 2; testFunction(i, i += 2)
where it is instrumental to place the first argument into a temp (making a copy) instead of passing it directly.

Change-Id: Iffcf6c6eda92a8fb665982cda1db0b96359cd092
Task-number: QTBUG-45879
Reviewed-by: Lars Knoll
---
 src/qml/compiler/qv4codegen.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/qml/compiler')

diff --git a/src/qml/compiler/qv4codegen.cpp b/src/qml/compiler/qv4codegen.cpp
index a7b5326861..260db0f0dd 100644
--- a/src/qml/compiler/qv4codegen.cpp
+++ b/src/qml/compiler/qv4codegen.cpp
@@ -538,7 +538,7 @@ IR::Expr *Codegen::subscript(IR::Expr *base, IR::Expr *index)
 IR::Expr *Codegen::argument(IR::Expr *expr)
 {
-    if (expr && !expr->asTemp() && !expr->asArgLocal()) {
+    if (expr && !expr->asTemp()) {
         const unsigned t = _block->newTemp();
         move(_block->TEMP(t), expr);
         expr = _block->TEMP(t);
-- 
cgit v1.2.3

From c31d6e946d700bb404fdcadaba11ac45c714d60d Mon Sep 17 00:00:00 2001
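Review bot: After the new `memcpy` writes `qstr.length()*sizeof(ushort)` bytes, the bytes between the end of the string data and the 8-byte boundary that `calculateSize` rounds up to are neither written nor cleared in this loop, so their content is only deterministic if the caller's buffer was zero-filled beforehand (the later commit in this series says the JS unit is memset and adds the same for the QML unit). Clearing the padding here would make the string table self-contained: `const int used = sizeof(QV4::CompiledData::String) + qstr.length()*sizeof(ushort);` followed by `memset(stringData + used, 0, QV4::CompiledData::String::calculateSize(qstr) - used);` before advancing `stringData`. The byte count is also computed inline rather than derived from `calculateSize`, so a future edit to one of them silently breaks the other; a comment `// must not exceed String::calculateSize(qstr)` on the memcpy would flag that. serialize's loop header and the rest of the function lie outside the hunk.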
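Review bot: The new condition carries no explanation, and the reason is not obvious from the code: the `asArgLocal()` exclusion was introduced deliberately in 75c22465cf8fe262edfe6178bb9ca19661fb710e and a maintainer could reintroduce it as an optimisation. A comment on the `if`, `// Locals and arguments must be copied into a temp: a later argument may modify them, e.g. f(i, i += 2) (QTBUG-45879)`, would carry the commit message's rationale into the source. Passing a temp straight through presumably relies on temps being assigned only once in this IR; worth confirming that no later argument expression can overwrite a temp produced earlier in the same call. Codegen::argument's body continues outside the hunk.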
From: Simon Hausmann
Date: Tue, 5 May 2015 13:14:36 +0200
Subject: Avoid uninitialized bytes in QV4::CompiledData

When populating the QV4::CompiledData for a JS unit, we memset the malloc'ed data to zero. We should do the same when creating a unit for QML files. We do write all the fields that we use, but due to padding we may end up with bytes that are neither used nor written but still uninitialized. Consequently they should be zero'ed, otherwise serialization will write garbage.

Change-Id: I0b093e4dde6789d7236247507221f4f3476ba89d
Reviewed-by: Lars Knoll
---
 src/qml/compiler/qqmlirbuilder.cpp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/qml/compiler')

diff --git a/src/qml/compiler/qqmlirbuilder.cpp b/src/qml/compiler/qqmlirbuilder.cpp
index c645a29b15..63833504f1 100644
--- a/src/qml/compiler/qqmlirbuilder.cpp
+++ b/src/qml/compiler/qqmlirbuilder.cpp
@@ -1319,6 +1319,7 @@ QV4::CompiledData::Unit *QmlUnitGenerator::generate(Document &output)
     const int totalSize = unitSize + importSize + objectOffsetTableSize + objectsSize + output.jsGenerator.stringTable.sizeOfTableAndData();
     char *data = (char*)malloc(totalSize);
     memcpy(data, jsUnit, unitSize);
+    memset(data + unitSize, 0, totalSize - unitSize);
     if (jsUnit != compilationUnit->data)
         free(jsUnit);
     jsUnit = 0;
-- 
cgit v1.2.3
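Review bot: The new `memset` clears only the tail after `unitSize`, so fully deterministic output still depends on `jsUnit` having been zero-filled by its own generator, which this function cannot verify; a comment on the added line, `// jsUnit is zeroed by the JS unit generator; zero the QML part too so padding bytes never reach serialization`, would record that invariant next to the code that relies on it. The lines around it also show `malloc`'s result used unchecked and `totalSize` built as an `int` sum of several sizes, so a very large document could wrap the length that `malloc`, `memcpy` and this `memset` then act on; that is pre-existing rather than introduced here, but since the series is about deterministic output it would be worth a `Q_ASSERT(totalSize >= unitSize)` or an explicit overflow check. QmlUnitGenerator::generate continues outside the hunk.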