git.six.silmor.de Git - konrad/qtdeclarative.git/commit

author	Chris Adams <christopher.adams@nokia.com>
	Tue, 13 Mar 2012 03:30:39 +0000 (13:30 +1000)
committer	Qt by Nokia <qt-info@nokia.com>
	Thu, 15 Mar 2012 01:44:40 +0000 (02:44 +0100)
commit	25793276e52240e4dfad297dc5b9eb282ed3f5e6
tree	2c28122e886334703cd3f6cdd17cba759209b313	tree \| snapshot
parent	147247a31a9d6c1edadb0c7c78cf10b894dfab25	commit \| diff

Fix crash caused by dereferencing collected v8 data

If a var property of a QObject is read after the v8 data associated
with the qobject has been deleted but prior to the DeferredDelete
event being processed, the varProperties array will be null and
a crash will occur.

This patch ensures that we check for this condition in both the
access and set codepaths for var properties, and also ensures
that an object which has previously been queued for deletion cannot
be referenced in JS.

Finally, it adds a unit test to ensure that we don't regress.

Task-number: QTBUG-24748
Change-Id: Idde384ca01e18f4dcf9e376e9379f2c5eb410e14
Reviewed-by: Michael Brasser <michael.brasser@nokia.com>

src/qml/qml/qqmldata_p.h		diff \| blob \| history
src/qml/qml/qqmlvmemetaobject.cpp		diff \| blob \| history
src/qml/qml/qqmlvmemetaobject_p.h		diff \| blob \| history
src/qml/qml/v8/qv8qobjectwrapper.cpp		diff \| blob \| history
tests/auto/qml/qqmlecmascript/data/ComponentWithVarProp.qml	[new file with mode: 0644]	blob
tests/auto/qml/qqmlecmascript/data/propertyVarOwnership.5.qml	[new file with mode: 0644]	blob
tests/auto/qml/qqmlecmascript/testtypes.h		diff \| blob \| history
tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp		diff \| blob \| history