From 078eb28e0c657b8107c5e8be873b3503fdea7ed2 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Mon, 13 May 2019 17:53:06 +0200 Subject: Do not take a reference of nullptr References are not allowed to be null, but we pass a nullptr as receiver in QQmlContextWrapper::resolveQmlContextPropertyLookupGetter. Detected with UBSAN. Change-Id: Iaa7945fb17e4b0e549e541e47589b2f47d32ea4e Reviewed-by: Simon Hausmann Reviewed-by: Ulf Hermann
---
 src/qml/jsruntime/qv4object.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'src/qml/jsruntime/qv4object.cpp')
diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp
index 7dd0a247d6..02524b7da6 100644
--- a/src/qml/jsruntime/qv4object.cpp
+++ b/src/qml/jsruntime/qv4object.cpp
@@ -93,7 +93,7 @@ void Heap::Object::setUsedAsProto()
 internalClass.set(internalClass->engine, internalClass->asProtoClass());
 }
-ReturnedValue Object::getValueAccessor(const Value &thisObject, const Value &v, PropertyAttributes attrs)
+ReturnedValue Object::getValueAccessor(const Value *thisObject, const Value &v, PropertyAttributes attrs)
 {
 if (!attrs.isAccessor())
 return v.asReturnedValue();
@@ -103,7 +103,8 @@ ReturnedValue Object::getValueAccessor(const Value &thisObject, const Value &v,
 Scope scope(f->engine());
 JSCallData jsCallData(scope);
- *jsCallData->thisObject = thisObject;
+ if (thisObject)
+ *jsCallData->thisObject = *thisObject;
 return f->call(jsCallData);
 }
@@ -415,7 +416,7 @@ ReturnedValue Object::internalGet(PropertyKey id, const Value *receiver, bool *h
 if (o->arrayData && o->arrayData->getProperty(index, pd, &attrs)) {
 if (hasProperty)
 *hasProperty = true;
- return Object::getValue(*receiver, pd->value, attrs);
+ return Object::getValue(receiver, pd->value, attrs);
 }
 if (o->internalClass->vtable->type == Type_StringObject) {
 ScopedString str(scope, static_cast(o)->getIndex(index));
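Review bot: In the `@@ -103,7 +103,8 @@` hunk, a null `thisObject` now skips the assignment, so the getter runs with whatever `JSCallData`'s constructor left in `*jsCallData->thisObject`, and nothing on this page shows what that value is. If the constructor always initialises the slot, record that beside the guard with a comment such as `// null receiver: getter is called with JSCallData's default thisObject`. If it does not, add `else *jsCallData->thisObject = Value::undefinedValue();` so the accessor cannot observe a stale value. The rest of getValueAccessor, including where `f` is obtained, is outside this hunk.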
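Review bot: In the `@@ -415,7 +416,7 @@` hunk, `receiver` is forwarded to `Object::getValue` without a check, and getValue's definition is not in this file view. The null case is therefore safe only if getValue now takes `const Value *` and does not dereference it on the way to getValueAccessor; that should be confirmed in the header. The same applies to the call in the `@@ -438,7 +439,7 @@` hunk. A comment on internalGet such as `// receiver may be nullptr; it is dereferenced only when an accessor getter is invoked` would make the contract visible to later callers. internalGet begins and ends outside both hunks.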
@@ -438,7 +439,7 @@ ReturnedValue Object::internalGet(PropertyKey id, const Value *receiver, bool *h
 if (idx.isValid()) {
 if (hasProperty)
 *hasProperty = true;
- return Object::getValue(*receiver, *o->propertyData(idx.index), idx.attrs);
+ return Object::getValue(receiver, *o->propertyData(idx.index), idx.attrs);
 }
 o = o->prototype();
 if (!o || o->internalClass->vtable->get != Object::virtualGet)
-- cgit v1.2.3