From 5f24122c780b462d7091abc12c9861d1e9713dca Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Sat, 22 Dec 2018 10:56:52 +0100 Subject: Fix lookups the transition between primitive strings and string objects Suppose we have function foo(x) { return x.constructor; } and we call it first with foo("hello") then the lookup will be initialized with a primitive getter from the prototype. When we subsequently call foo(new String("world")) then the primitiveGetterProto() will check that the provided object is of the same type as last time, which erroneously succeeds. Indeed, both are of Managed type. However now we're passing a full-fledged object, which is not a primitive anymore - hence the additional check to ensure that we fall back to the generic getter. Task-number: QTBUG-69898 Change-Id: I3c7a8384bfdf0e31b7c6247cce80fe7448b627b3 Reviewed-by: Ulf Hermann --- src/qml/jsruntime/qv4lookup.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/qml/jsruntime') diff --git a/src/qml/jsruntime/qv4lookup.cpp b/src/qml/jsruntime/qv4lookup.cpp index 790a5843c2..54bce7d7b3 100644 --- a/src/qml/jsruntime/qv4lookup.cpp +++ b/src/qml/jsruntime/qv4lookup.cpp @@ -379,7 +379,7 @@ ReturnedValue Lookup::getterIndexed(Lookup *l, ExecutionEngine *engine, const Va ReturnedValue Lookup::primitiveGetterProto(Lookup *l, ExecutionEngine *engine, const Value &object) { - if (object.type() == l->primitiveLookup.type) { + if (object.type() == l->primitiveLookup.type && !object.isObject()) { Heap::Object *o = l->primitiveLookup.proto; if (l->primitiveLookup.protoId == o->internalClass->protoId) return l->primitiveLookup.data->asReturnedValue(); @@ -390,7 +390,7 @@ ReturnedValue Lookup::primitiveGetterProto(Lookup *l, ExecutionEngine *engine, c ReturnedValue Lookup::primitiveGetterAccessor(Lookup *l, ExecutionEngine *engine, const Value &object) { - if (object.type() == l->primitiveLookup.type) { + if (object.type() == l->primitiveLookup.type && !object.isObject()) { Heap::Object *o = l->primitiveLookup.proto; if (l->primitiveLookup.protoId == o->internalClass->protoId) { const Value *getter = l->primitiveLookup.data; -- cgit v1.2.3