From bc2427ce32efbfa3759e2658ba53289428527071 Mon Sep 17 00:00:00 2001
From: Lars Knoll
Date: Tue, 17 Oct 2017 15:14:59 +0200
Subject: Never truncate the JS stack

Truncating it can lead to all sorts of crazy side effects, especially as we'd be extending it again when leaving the function. When that happens already freed JS objects could suddenly become visible to the GC again. Fix this by copying the CallData to set up a new stack frame. This is not yet ideal, as we're copying too much data, but that can be fixed separately.

Change-Id: I02a39ce479475bae326f9eddfe6654fbcf8e6d35
Reviewed-by: Lars Knoll
---
 tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp')

diff --git a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
index 899f14b51d..faab61cd3d 100644
--- a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
+++ b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
@@ -344,6 +344,7 @@ private slots:
     void singleBlockLoops();
     void qtbug_60547();
     void delayLoadingArgs();
+    void manyArguments();
 
 private:
 // static void propertyVarWeakRefCallback(v8::Persistent object, void* parameter);
@@ -8375,6 +8376,17 @@ void tst_qqmlecmascript::delayLoadingArgs()
     QCOMPARE(ret.toInt(), 42); // esp. not 44.
 }
 
+void tst_qqmlecmascript::manyArguments()
+{
+    const char *testCase =
+            "function x() { var sum; for (var i = 0; i < arguments.length; ++i) sum += arguments[i][0]; }"
+            "x([0],[1],[2],[3],[4],[5],[6],[7],[8],[9], [0],[1],[2],[3],[4],[5],[6],[7],[8],[9], [0],[1],[2],[3],[4],[5],[6],[7],[8],[9])";
+    QJSEngine engine;
+    engine.evaluate(testCase);
+}
+
+
 QTEST_MAIN(tst_qqmlecmascript)
 
 #include "tst_qqmlecmascript.moc"
-- 
cgit v1.2.3
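Review bot: The new manyArguments test discards the result of `engine.evaluate(testCase)`, so a JS exception or engine error raised during the large-argument call would go unnoticed; the only failure the test can detect is an outright crash. Assert on the result instead, `QVERIFY(!engine.evaluate(testCase).isError());`, which keeps the crash check and also fails on an uncaught JS error. A one-line comment above the function stating what it regresses would help future readers, e.g. `// Regression test: a call with many arguments must not truncate the JS stack (see commit message).` The script also declares `var sum;` without an initial value, so the accumulated sum is NaN; harmless as written, but use `var sum = 0;` if the result is ever checked.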