From 91ed06b767aa4993d28c8b2db4900c319098b035 Mon Sep 17 00:00:00 2001 From: Lars Knoll Date: Thu, 14 Jul 2016 11:58:14 +0200 Subject: Fix logic bug when deleting properties of JS objects The code used the size of the internal class in an inconsistent way. It should simply compute and work with the old internal class size, as that reflects the old object layout. [ChangeLog][QtQml] Fix assertion when deleting properties of JS objects Task-number: QTBUG-54589 Change-Id: Ie3db70437e780215d08a1a96491db75f8b859754 Reviewed-by: Robin Burchell Reviewed-by: Simon Hausmann --- tests/auto/qml/qqmlecmascript/data/qtbug_54589.qml | 16 ++++++++++++++++ tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp | 11 +++++++++++ 2 files changed, 27 insertions(+) create mode 100644 tests/auto/qml/qqmlecmascript/data/qtbug_54589.qml (limited to 'tests/auto/qml/qqmlecmascript') diff --git a/tests/auto/qml/qqmlecmascript/data/qtbug_54589.qml b/tests/auto/qml/qqmlecmascript/data/qtbug_54589.qml new file mode 100644 index 0000000000..8f7d5f2a70 --- /dev/null +++ b/tests/auto/qml/qqmlecmascript/data/qtbug_54589.qml @@ -0,0 +1,16 @@ +import QtQuick 2.0 + +QtObject { + function checkPropertyDeletion() { + var o = { + x: 1, + y: 2 + }; + o.z = 3 + delete o.y; + + return (o.x === 1 && o.y === undefined && o.z === 3) + } + + property bool result: checkPropertyDeletion() +} diff --git a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp index 08ebfbbbcf..2ec296ae66 100644 --- a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp +++ b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp @@ -328,6 +328,7 @@ private slots: void switchExpression(); void qtbug_46022(); void qtbug_52340(); + void qtbug_54589(); private: // static void propertyVarWeakRefCallback(v8::Persistent object, void* parameter); @@ -7922,6 +7923,16 @@ void tst_qqmlecmascript::qtbug_52340() QVERIFY(returnValue.toBool()); } +void tst_qqmlecmascript::qtbug_54589() +{ + QQmlComponent component(&engine, testFileUrl("qtbug_54589.qml")); + + QScopedPointer obj(component.create()); + QVERIFY(obj != 0); + QCOMPARE(obj->property("result").toBool(), true); +} + + QTEST_MAIN(tst_qqmlecmascript) #include "tst_qqmlecmascript.moc" -- cgit v1.2.3 From 06ed1ad17abe1ef597d4ecf86962da5ac21365e5 Mon Sep 17 00:00:00 2001 From: Erik Verbruggen Date: Tue, 19 Jul 2016 11:28:14 +0200 Subject: JS: Check for errors before using sub-expression results Specifically: don't de-reference a result and assume that it's not-null. Task-number: QTBUG-54687 Change-Id: If07d3250a95a7815ab7a3262b88e0227965ef8e7 Reviewed-by: Simon Hausmann --- tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'tests/auto/qml/qqmlecmascript') diff --git a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp index 2ec296ae66..aaa72d48cd 100644 --- a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp +++ b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp @@ -329,6 +329,7 @@ private slots: void qtbug_46022(); void qtbug_52340(); void qtbug_54589(); + void qtbug_54687(); private: // static void propertyVarWeakRefCallback(v8::Persistent object, void* parameter); @@ -7932,6 +7933,12 @@ void tst_qqmlecmascript::qtbug_54589() QCOMPARE(obj->property("result").toBool(), true); } +void tst_qqmlecmascript::qtbug_54687() +{ + QJSEngine e; + // it's simple: this shouldn't crash. + engine.evaluate("12\n----12"); +} QTEST_MAIN(tst_qqmlecmascript) -- cgit v1.2.3