Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix crash caused by dereferencing collected v8 data
If a var property of a QObject is read after the v8 data associated with the qobject has been deleted but prior to the DeferredDelete event being processed, the varProperties array will be null and a crash will occur. This patch ensures that we check for this condition in both the access and set codepaths for var properties, and also ensures that an object which has previously been queued for deletion cannot be referenced in JS. Finally, it adds a unit test to ensure that we don't regress. Task-number: QTBUG-24748 Change-Id: Idde384ca01e18f4dcf9e376e9379f2c5eb410e14 Reviewed-by: Michael Brasser <michael.brasser@nokia.com>
- Loading branch information
Chris Adams
authored and
Qt by Nokia
committed
Mar 15, 2012
1 parent
147247a
commit 2579327
Showing
8 changed files
with
79 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
import QtQuick 2.0 | ||
|
||
Item { | ||
property var varprop: true | ||
} |
28 changes: 28 additions & 0 deletions
28
tests/auto/qml/qqmlecmascript/data/propertyVarOwnership.5.qml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
import QtQuick 2.0 | ||
import Qt.test 1.0 as ModuleApi | ||
|
||
Item { | ||
id: testOwnership | ||
property bool test: false | ||
|
||
function runTest() { | ||
var o; | ||
var c = Qt.createComponent("ComponentWithVarProp.qml"); | ||
if (c.status == Component.Ready) { | ||
o = c.createObject(); | ||
} else { | ||
return; // failed to create component. | ||
} | ||
o.varprop = true; // causes initialization of varProperties. | ||
ModuleApi.trackObject(o); // stores QObject ptr | ||
if (ModuleApi.trackedObject() == null) return; // is still valid, should have a valid v8object. | ||
o = new Date(); // causes object to be gc-able. | ||
gc(); // collect object's v8object + varProperties, queues deleteLater. | ||
if (ModuleApi.trackedObject() != null) return; // v8object was previously collected. | ||
ModuleApi.setTrackedObjectProperty("varprop"); // deferences varProperties of object. | ||
test = !(ModuleApi.trackedObjectProperty("varprop")); // deferences varProperties of object. | ||
// if we didn't crash, success. | ||
} | ||
} | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters