From 5cf95512af83fc6a0f70d3493be571accaf50d84 Mon Sep 17 00:00:00 2001
From: Lars Knoll
Date: Fri, 3 Jan 2014 11:58:03 +0100
Subject: Fixes for argument objects

Fix a possible infinite recursion, and a corner case where we wouldn't set the correct data when writing to the argument object

Change-Id: Ia64b9f62e9b881e24d74e23d96d5eb27805a126f
Reviewed-by: Simon Hausmann
---
 src/qml/jsruntime/qv4argumentsobject.cpp | 2 +-
 src/qml/jsruntime/qv4object.cpp | 13 +++++++++++--
 src/qml/jsruntime/qv4object_p.h | 1 +
 src/qml/jsruntime/qv4runtime.cpp | 2 +-
 4 files changed, 14 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/qml/jsruntime/qv4argumentsobject.cpp b/src/qml/jsruntime/qv4argumentsobject.cpp
index 9879f2a85b..f157796bea 100644
--- a/src/qml/jsruntime/qv4argumentsobject.cpp
+++ b/src/qml/jsruntime/qv4argumentsobject.cpp
@@ -131,7 +131,7 @@ bool ArgumentsObject::defineOwnProperty(ExecutionContext *ctx, uint index, const
 bool strict = ctx->strictMode;
 ctx->strictMode = false;
- bool result = Object::__defineOwnProperty__(ctx, index, desc, attrs);
+ bool result = Object::defineOwnProperty2(ctx, index, desc, attrs);
 ctx->strictMode = strict;
 if (isMapped && attrs.isData()) {
diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp
index 53db957189..fb56d623fd 100644
--- a/src/qml/jsruntime/qv4object.cpp
+++ b/src/qml/jsruntime/qv4object.cpp
@@ -973,8 +973,6 @@ reject:
 bool Object::__defineOwnProperty__(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs)
 {
- Property *current = 0;
-
 // 15.4.5.1, 4b
 if (isArrayObject() && index >= arrayLength() && !internalClass->propertyData[ArrayObject::LengthPropertyIndex].isWritable())
 goto reject;
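Review bot: The switch to `Object::defineOwnProperty2(...)` in ArgumentsObject::defineOwnProperty (qv4argumentsobject.cpp) carries no comment saying why the regular entry point must not be used here. The reason is visible only in qv4object.cpp, where `__defineOwnProperty__` dispatches back to ArgumentsObject::defineOwnProperty for non-strict arguments objects, so a later cleanup that "restores" the old call would bring the recursion back. I would add a line above the call such as `// Must bypass __defineOwnProperty__: it dispatches back here for non-strict arguments objects`. The function body starts and ends outside the hunk.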
@@ -982,6 +980,17 @@ bool Object::__defineOwnProperty__(ExecutionContext *ctx, uint index, const Prop
 if (ArgumentsObject::isNonStrictArgumentsObject(this))
 return static_cast(this)->defineOwnProperty(ctx, index, p, attrs);
+ return defineOwnProperty2(ctx, index, p, attrs);
+reject:
+ if (ctx->strictMode)
+ ctx->throwTypeError();
+ return false;
+}
+
+bool Object::defineOwnProperty2(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs)
+{
+ Property *current = 0;
+
 // Clause 1
 {
 uint pidx = propertyIndexFromArrayIndex(index);
diff --git a/src/qml/jsruntime/qv4object_p.h b/src/qml/jsruntime/qv4object_p.h
index b172ddb7cd..a5f118c359 100644
--- a/src/qml/jsruntime/qv4object_p.h
+++ b/src/qml/jsruntime/qv4object_p.h
@@ -150,6 +150,7 @@ struct Q_QML_EXPORT Object: Managed {
 bool __defineOwnProperty__(ExecutionContext *ctx, const StringRef name, const Property &p, PropertyAttributes attrs);
 bool __defineOwnProperty__(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs);
 bool __defineOwnProperty__(ExecutionContext *ctx, const QString &name, const Property &p, PropertyAttributes attrs);
+ bool defineOwnProperty2(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs);
 //
 // helpers
diff --git a/src/qml/jsruntime/qv4runtime.cpp b/src/qml/jsruntime/qv4runtime.cpp
index 304a4a4f0e..23549fe7ef 100644
--- a/src/qml/jsruntime/qv4runtime.cpp
+++ b/src/qml/jsruntime/qv4runtime.cpp
@@ -616,7 +616,7 @@ void __qmljs_set_element(ExecutionContext *ctx, const ValueRef object, const Val
 uint idx = index->asArrayIndex();
 if (idx < UINT_MAX) {
 uint pidx = o->propertyIndexFromArrayIndex(idx);
- if (pidx < UINT_MAX) {
+ if (pidx < UINT_MAX && !o->asArgumentsObject()) {
 if (o->arrayData.attributes && !o->arrayData.attributes[pidx].isEmpty() && !o->arrayData.attributes[pidx].isWritable()) {
 if (ctx->strictMode)
 ctx->throwTypeError();
-- 
cgit v1.2.3
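Review bot: `defineOwnProperty2` skips both guards that stay behind in `__defineOwnProperty__` (qv4object.cpp): the 15.4.5.1 4b rejection when an array's `length` is not writable, and the dispatch to ArgumentsObject. Neither its name nor its declaration in qv4object_p.h says so, and it is declared next to the regular overloads, apparently with the same access. A later caller that picks it by mistake would define an indexed property past a non-writable array length without the rejection. I would document the contract at the declaration, e.g. `// Internal: performs no array-length or arguments-object checks; use __defineOwnProperty__ unless those were already handled`, or choose a name that states it. The body of defineOwnProperty2 continues past the end of the hunk.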
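Review bot: The added `!o->asArgumentsObject()` in __qmljs_set_element (qv4runtime.cpp) is not explained at the condition, so a reader cannot tell why arguments objects must leave the direct array-write path. Going by the commit message, it is presumably so that the write reaches the arguments object's own handling and the correct data is set, but that is inferred rather than stated in the code. A comment above the `if` would record it, e.g. `// arguments objects take the generic path so writes go through their own property handling`. As written the test also excludes arguments objects that are not mapped; that looks harmless, but if it is deliberate the comment should say so. The function continues outside the hunk.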