author | Alexandra Cherdantseva <neluhus.vagus@gmail.com> | 2019-02-18 14:57:27 +0300 |
---|---|---|
committer | Konstantin Tokarev <annulen@yandex.ru> | 2019-04-17 15:46:36 +0000 |
commit | 484e9de6d86d011bd349890cba87a25554b0f672 (patch) | |
tree | fbae02a39db4aa73557d9c70ffd120d678c508bb | |
parent | ba51b7a53420a5de576f6d07b2f4feab5ea4d21a (diff) |
Fix thisObject() of QScriptable argument for String(), etc
When `String(object)` is evaluated, and `object` is a QObject or some
custom object with native prototype, then `object.toString()` will be
called with an incorrect `this`. The same applies to Number(), Boolean()
and the other built-in constructors.
Change-Id: I0219f0e119c1e29d80e4c0f856421352715e9e6e
Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
-rw-r--r-- | src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp | 2 | ||||
-rw-r--r-- | src/script/api/qscriptengine.cpp | 2 | ||||
-rw-r--r-- | tests/auto/qscriptable/tst_qscriptable.cpp | 45 | ||||
-rw-r--r-- | tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp | 2 |
4 files changed, 48 insertions, 3 deletions
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
index 9f60761..f9f77b1 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
@@ -1762,7 +1762,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_call_NotJSFunction)
 CallFrame* previousCallFrame = stackFrame.callFrame;
 CallFrame* callFrame = CallFrame::create(previousCallFrame->registers() + registerOffset);
- callFrame->init(0, static_cast<Instruction*>((STUB_RETURN_ADDRESS).value()), previousCallFrame->scopeChain(), previousCallFrame, 0, argCount, 0);
+ callFrame->init(0, static_cast<Instruction*>((STUB_RETURN_ADDRESS).value()), previousCallFrame->scopeChain(), previousCallFrame, 0, argCount, asObject(funcVal));
 stackFrame.callFrame = callFrame;
 Register* argv = stackFrame.callFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
diff --git a/src/script/api/qscriptengine.cpp b/src/script/api/qscriptengine.cpp
index c5f437b..5bd399f 100644
--- a/src/script/api/qscriptengine.cpp
+++ b/src/script/api/qscriptengine.cpp
@@ -2837,7 +2837,7 @@ JSC::CallFrame *QScriptEnginePrivate::pushContext(JSC::CallFrame *exec, JSC::JSV
 JSC::CallFrame *newCallFrame = exec;
 if (callee == 0 //called from public QScriptEngine::pushContext
 || exec->returnPC() == 0 || (contextFlags(exec) & NativeContext) //called from native-native call
- || (exec->codeBlock() && exec->callee() != callee)) { //the interpreter did not build a frame for us.
+ || exec->callee() != callee) { //the interpreter did not build a frame for us.
 //We need to check if the Interpreter might have already created a frame for function called from JS.
 JSC::Interpreter *interp = exec->interpreter();
 JSC::Register *oldEnd = interp->registerFile().end();
diff --git a/tests/auto/qscriptable/tst_qscriptable.cpp b/tests/auto/qscriptable/tst_qscriptable.cpp
index 1a0fbe1..b800613 100644
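Review bot: `asObject(funcVal)` on the `+` line is only safe because the stub has already classified `funcVal` as `CallTypeHost` via `getCallData` earlier in the function, and that guard is outside the visible lines; nothing at the init site records that dependency, so a later refactor could hoist the frame setup above the check. I would annotate the call: `// callee must be the host-callable object: funcVal is CallTypeHost here; native callbacks presumably read it back through exec->callee()`. This is also a local patch to a vendored file under src/3rdparty, so it is worth confirming the interpreter's own op_call host path passes the callee the same way, and noting the divergence where the vendored copy is tracked. The enclosing DEFINE_STUB_FUNCTION body begins and ends outside the hunk.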
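Review bot: The comment kept on the `+` line, `//the interpreter did not build a frame for us.`, no longer describes the condition: with the `exec->codeBlock()` guard removed, `exec->callee() != callee` is now evaluated for JIT-built frames too, and it silently depends on the JITStubs.cpp change recording the callee (if that vendored edit were ever lost, `exec->callee()` would be null for every native call from JIT code and this branch would push a redundant frame on each of them). I would rewrite the trailing comment as `//neither the interpreter nor the JIT stub built a frame for this callee (both record the callee, see JITStubs op_call_NotJSFunction)`. pushContext begins and ends outside the hunk.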
--- a/tests/auto/qscriptable/tst_qscriptable.cpp
+++ b/tests/auto/qscriptable/tst_qscriptable.cpp
@@ -73,6 +73,9 @@ public slots:
 QScriptValue getArguments();
 int getArgumentCount();
+ QString toString() const;
+ int valueOf() const;
+
 signals:
 void sig(int);
@@ -172,6 +175,16 @@ bool MyScriptable::isBar()
 return str.contains(QLatin1Char('@'));
 }
+QString MyScriptable::toString() const
+{
+ return thisObject().property("objectName").toString();
+}
+
+int MyScriptable::valueOf() const
+{
+ return thisObject().property("baz").toInt32();
+}
+
 class tst_QScriptable : public QObject
 {
 Q_OBJECT
@@ -188,6 +201,8 @@ private slots:
 void thisObject();
 void arguments();
 void throwError();
+ void stringConstructor();
+ void numberConstructor();
 private:
 QScriptEngine m_engine;
@@ -386,5 +401,35 @@ void tst_QScriptable::throwError()
 QCOMPARE(ret.toString(), QString("Error: MyScriptable.foo"));
 }
+void tst_QScriptable::stringConstructor()
+{
+ m_scriptable.setObjectName("TestObject");
+
+ m_engine.globalObject().setProperty("js_obj", m_engine.newObject());
+ m_engine.evaluate(
+ "js_obj.str = scriptable.toString();"
+ "js_obj.toString = function() { return this.str }");
+
+ QCOMPARE(m_engine.evaluate("String(scriptable)").toString(),
+ m_engine.evaluate("String(js_obj)").toString());
+
+ QCOMPARE(m_engine.evaluate("String(scriptable)").toString(),
+ m_engine.evaluate("scriptable.toString()").toString());
+}
+
+void tst_QScriptable::numberConstructor()
+{
+ m_engine.globalObject().setProperty("js_obj", m_engine.newObject());
+ m_engine.evaluate(
+ "js_obj.num = scriptable.valueOf();"
+ "js_obj.valueOf = function() { return this.num }");
+
+ QCOMPARE(m_engine.evaluate("Number(scriptable)").toInt32(),
+ m_engine.evaluate("Number(js_obj)").toInt32());
+
+ QCOMPARE(m_engine.evaluate("Number(scriptable)").toInt32(),
+ m_engine.evaluate("scriptable.valueOf()").toInt32());
+}
+
 QTEST_MAIN(tst_QScriptable)
 #include "tst_qscriptable.moc"
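Review bot: In the last hunk both new tests only compare `String(scriptable)` / `Number(scriptable)` against other evaluations that go through the same `thisObject()` path, so if `thisObject()` regressed to an invalid value both sides would agree on an empty string or 0 and the tests would still pass. Pin the expected literal once per test, e.g. `QCOMPARE(m_engine.evaluate("String(scriptable)").toString(), QString("TestObject"));` after the setObjectName call, and the concrete `baz` value for the Number case (where `baz` is assigned is not visible in this hunk, so that value must come from the fixture). stringConstructor also leaves `m_scriptable`'s objectName and the global `js_obj` modified for later slots sharing `m_engine`; resetting them at the end of each test keeps the suite order-independent.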
diff --git a/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp b/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp
index e199d71..58fee07 100644
--- a/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp
+++ b/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp
@@ -1354,7 +1354,7 @@ void tst_QScriptExtQObject::callQtInvokable2()
 // first time we expect failure because the metatype is not registered
 m_myObject->resetQtFunctionInvoked();
- QCOMPARE(QMetaType::type("QVector<CustomType>"), QMetaType::UnknownType); // this type should not be registered yet
+ QCOMPARE(QMetaType::Type(QMetaType::type("QVector<CustomType>")), QMetaType::UnknownType); // this type should not be registered yet
 QCOMPARE(m_engine->evaluate("myObject.myInvokableReturningVectorOfCustomType()").isError(), true);
 QCOMPARE(m_myObject->qtFunctionInvoked(), -1);
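Review bot: The `+` line converts an arbitrary registered-type id into the `QMetaType::Type` enum only to satisfy QCOMPARE's type matching; comparing on the integer side avoids forcing an id outside the enum's named range into the enum: `QCOMPARE(QMetaType::type("QVector<CustomType>"), static_cast<int>(QMetaType::UnknownType)); // this type should not be registered yet`. This hunk is also unrelated to the commit subject, so it deserves a line in the description or its own commit. callQtInvokable2 begins and ends outside the hunk.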