From db7b7d4161048ec481d80deaac5ff8cfa9487626 Mon Sep 17 00:00:00 2001
From: Lars Knoll
Date: Wed, 3 Dec 2014 10:42:07 +0100
Subject: Return a Heap object from the getter()/setter() methods of Property

We actually need to put the returned value into a ScopedFunctionObject before calling it, as the Property could get deleted during the call leading to a dangling pointer. With a GC that moves objects this will become even more important.

Change-Id: I43bece6f80eb3501c1291065846e230a59ae8aed
Reviewed-by: Simon Hausmann
---
 src/qml/jsruntime/qv4object.cpp | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

(limited to 'src/qml/jsruntime/qv4object.cpp')

diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp
index d129175ed8..cb2ff842d8 100644
--- a/src/qml/jsruntime/qv4object.cpp
+++ b/src/qml/jsruntime/qv4object.cpp
@@ -84,11 +84,11 @@ ReturnedValue Object::getValue(const ValueRef thisObject, const Property *p, Pro
 {
     if (!attrs.isAccessor())
         return p->value.asReturnedValue();
-    FunctionObject *getter = p->getter();
-    if (!getter)
+    if (!p->getter())
         return Encode::undefined();
 
-    Scope scope(getter->engine());
+    Scope scope(p->getter()->internalClass->engine);
+    ScopedFunctionObject getter(scope, p->getter());
     ScopedCallData callData(scope);
     callData->thisObject = *thisObject;
     return getter->call(callData);
@@ -100,12 +100,13 @@ void Object::putValue(Property *pd, PropertyAttributes attrs, const ValueRef val
         return;
 
     if (attrs.isAccessor()) {
-        if (FunctionObject *set = pd->setter()) {
-            Scope scope(set->engine());
+        if (Heap::FunctionObject *set = pd->setter()) {
+            Scope scope(set->internalClass->engine);
+            ScopedFunctionObject setter(scope, set);
             ScopedCallData callData(scope, 1);
             callData->args[0] = *value;
             callData->thisObject = this;
-            set->call(callData);
+            setter->call(callData);
             return;
         }
         goto reject;
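Review bot: In getValue the new code reads `p->getter()` three times (the null check, the Scope construction and the ScopedFunctionObject), whereas the putValue hunk below binds the result once as `set`; binding it once here too makes the single unrooted read obvious and keeps the two call sites symmetric: `Heap::FunctionObject *g = p->getter(); if (!g) return Encode::undefined();` followed by `Scope scope(g->internalClass->engine); ScopedFunctionObject getter(scope, g);`. Nothing between the three reads allocates or runs script, so this is a point of style rather than a defect. getValue's closing brace lies outside the hunk.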
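Review bot: In putValue the unrooted `Heap::FunctionObject *set` remains in scope after the rooted `setter` is created, so a later edit could touch `set` after `setter->call(callData)` has run arbitrary script and possibly moved or freed the object — exactly the dangling-pointer case the commit message describes. Making the constraint visible at the `if` would protect against that: `// `set` is an unrooted heap pointer: only valid until setter->call(); use the rooted `setter` from here on`. The function continues past `goto reject;` outside the hunk.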
@@ -713,10 +714,11 @@ void Object::internalPut(String *name, const ValueRef value)
             assert(pd->setter() != 0);
 
             Scope scope(engine());
+            ScopedFunctionObject setter(scope, pd->setter());
             ScopedCallData callData(scope, 1);
             callData->args[0] = *value;
             callData->thisObject = this;
-            pd->setter()->call(callData);
+            setter->call(callData);
             return;
         }
 
@@ -786,10 +788,11 @@ void Object::internalPutIndexed(uint index, const ValueRef value)
             assert(pd->setter() != 0);
 
             Scope scope(engine());
+            ScopedFunctionObject setter(scope, pd->setter());
             ScopedCallData callData(scope, 1);
             callData->args[0] = *value;
             callData->thisObject = this;
-            pd->setter()->call(callData);
+            setter->call(callData);
             return;
         }
 
-- 
cgit v1.2.3
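Review bot: The accessor-call sequence (Scope, ScopedFunctionObject, ScopedCallData, args[0], thisObject, call) is now duplicated verbatim in internalPut and in the internalPutIndexed hunk that follows, and nearly so in putValue, so the next change to the rooting discipline has to be applied in three places; a private helper on Object would keep it in one. The sketch below would also need a declaration in the class header. Note that `assert(pd->setter() != 0)` compiles out in release builds, so a caller reaching this branch with a null setter would have the rooted `setter->call` dereference it unchecked — that predates this commit, but the helper is the natural place for an explicit guard. Both enclosing functions begin and end outside their hunks.
```cpp
// Call the accessor's setter with `value` as its single argument and `this`
// as the receiver. The setter is rooted in a Scope for the duration of the
// call so it survives any GC triggered by the script it runs.
// Precondition: pd->setter() != 0.
void Object::callSetter(Property *pd, const ValueRef value)
{
    Scope scope(engine());
    ScopedFunctionObject setter(scope, pd->setter());
    ScopedCallData callData(scope, 1);
    callData->args[0] = *value;
    callData->thisObject = this;
    setter->call(callData);
}
// … in internalPut / internalPutIndexed the block becomes:
//     callSetter(pd, value);
//     return;
```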