From b54679fcd0c183f3e85fc6ab89033b6f8d510e45 Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@qt.io>
Date: Tue, 13 Mar 2018 21:57:00 +0100
Subject: Fix a crash in Object.proto.propertyIsEnumerable

If the property being queried is an array index, we would call
ArrayData::getProperty with a the Property pointer being null. We
correctly handle this for named properties, but didn't here.

Change-Id: Iba98a13f276432f273545c87cfc998fe64f45c51
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/jsruntime/qv4arraydata_p.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'src/qml')

diff --git a/src/qml/jsruntime/qv4arraydata_p.h b/src/qml/jsruntime/qv4arraydata_p.h
index 9356670b6d..b2573b4491 100644
--- a/src/qml/jsruntime/qv4arraydata_p.h
+++ b/src/qml/jsruntime/qv4arraydata_p.h
@@ -304,9 +304,11 @@ bool ArrayData::getProperty(uint index, Property *p, PropertyAttributes *attrs)
     }
 
     *attrs = attributes(index);
-    p->value = *(Index{ this, mapped });
-    if (attrs->isAccessor())
-        p->set = *(Index{ this, mapped + 1 /*Object::SetterOffset*/ });
+    if (p) {
+        p->value = *(Index{ this, mapped });
+        if (attrs->isAccessor())
+            p->set = *(Index{ this, mapped + 1 /*Object::SetterOffset*/ });
+    }
     return true;
 }
 
-- 
cgit v1.2.3