From 718dc1e87de2cb991e4000e480ea61bf5d559e62 Mon Sep 17 00:00:00 2001
From: Jedrzej Nowacki
Date: Thu, 18 Nov 2010 12:03:19 +0200
Subject: Fix QScriptValue::construct. It is not allowed to mix values that were created in different QScriptEngine instances.
Reviewed-by: Kent Hansen
---
 src/script/api/qscriptvalue.cpp | 15 ++++++++++++++-
 tests/auto/qscriptvalue/tst_qscriptvalue.cpp | 12 ++++++++++++
 tests/auto/qscriptvalue/tst_qscriptvalue.h | 1 +
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/script/api/qscriptvalue.cpp b/src/script/api/qscriptvalue.cpp
index 8cd4057..6ce54f5 100644
--- a/src/script/api/qscriptvalue.cpp
+++ b/src/script/api/qscriptvalue.cpp
@@ -1716,7 +1716,14 @@ QScriptValue QScriptValue::construct(const QScriptValueList &args)
 QVarLengthArray argsVector(args.size());
 for (int i = 0; i < args.size(); ++i) {
- if (!args.at(i).isValid())
+ QScriptValue arg = args.at(i);
+ if (QScriptValuePrivate::getEngine(arg) != d->engine && QScriptValuePrivate::getEngine(arg)) {
+ qWarning("QScriptValue::construct() failed: "
+ "cannot construct function with argument created in "
+ "a different engine");
+ return QScriptValue();
+ }
+ if (!arg.isValid())
 argsVector[i] = JSC::jsUndefined();
 else
 argsVector[i] = d->engine->scriptValueToJSCValue(args.at(i));
@@ -1766,6 +1773,12 @@ QScriptValue QScriptValue::construct(const QScriptValue &arguments)
 JSC::ExecState *exec = d->engine->currentFrame;
+ if (QScriptValuePrivate::getEngine(arguments) != d->engine && QScriptValuePrivate::getEngine(arguments)) {
+ qWarning("QScriptValue::construct() failed: "
+ "cannot construct function with argument created in "
+ "a different engine");
+ return QScriptValue();
+ }
 JSC::JSValue array = d->engine->scriptValueToJSCValue(arguments);
 // copied from runtime/FunctionPrototype.cpp, functionProtoFuncApply()
 JSC::MarkedArgumentBuffer applyArgs;
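Review bot: In the `construct(const QScriptValueList &args)` hunk the new guard calls `QScriptValuePrivate::getEngine(arg)` twice and tests for null only after the comparison, while the unchanged `else` branch still reads `args.at(i)` instead of the `arg` copy made for the check. Reading the engine once is easier to audit: `QScriptEnginePrivate *argEngine = QScriptValuePrivate::getEngine(arg);` (assuming that is the type of `d->engine`) followed by `if (argEngine && argEngine != d->engine) {`, with `const QScriptValue &arg = args.at(i);` to avoid the per-iteration copy. The same guard and warning text are repeated verbatim in the `construct(const QScriptValue &arguments)` hunk, so a small file-local helper would keep the two overloads from drifting apart. A short comment such as `// engine-less values are accepted; a value bound to another engine must never reach scriptValueToJSCValue()` would record why the null case is let through. Both function bodies start and end outside the hunks.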
diff --git a/tests/auto/qscriptvalue/tst_qscriptvalue.cpp b/tests/auto/qscriptvalue/tst_qscriptvalue.cpp
index 3fde1a9..97bbf26 100644
--- a/tests/auto/qscriptvalue/tst_qscriptvalue.cpp
+++ b/tests/auto/qscriptvalue/tst_qscriptvalue.cpp
@@ -3068,6 +3068,18 @@ void tst_QScriptValue::construct()
 QCOMPARE(ret6.toString(), QString::fromLatin1("TypeError: Arguments must be an array"));
 }
+void tst_QScriptValue::construct_twoEngines()
+{
+ QScriptEngine engine;
+ QScriptEngine otherEngine;
+ QScriptValue ctor = engine.evaluate("(function (a, b) { this.foo = 123; })");
+ QScriptValue arg(&otherEngine, 124567);
+ QTest::ignoreMessage(QtWarningMsg, "QScriptValue::construct() failed: cannot construct function with argument created in a different engine");
+ QVERIFY(!ctor.construct(arg).isValid());
+ QTest::ignoreMessage(QtWarningMsg, "QScriptValue::construct() failed: cannot construct function with argument created in a different engine");
+ QVERIFY(!ctor.construct(QScriptValueList() << arg << otherEngine.newObject()).isValid());
+}
+
 void tst_QScriptValue::construct_constructorThrowsPrimitive()
 {
 QScriptEngine eng;
diff --git a/tests/auto/qscriptvalue/tst_qscriptvalue.h b/tests/auto/qscriptvalue/tst_qscriptvalue.h
index 9c7b06e..46f5526 100644
--- a/tests/auto/qscriptvalue/tst_qscriptvalue.h
+++ b/tests/auto/qscriptvalue/tst_qscriptvalue.h
@@ -168,6 +168,7 @@ private slots:
 void construct_returnInt();
 void construct_throw();
 void construct();
+ void construct_twoEngines();
 void construct_constructorThrowsPrimitive();
 void castToPointer();
 void prettyPrinter_data();
--
cgit v0.12
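Review bot: In `construct_twoEngines()` the list case already fails on its first element `arg`, so `otherEngine.newObject()` is never the value that trips the guard. Nothing exercises the half of the condition that lets engine-less values through either. A list whose foreign value comes last would cover the mid-loop return: `QVERIFY(!ctor.construct(QScriptValueList() << QScriptValue(&engine, 1) << otherEngine.newObject()).isValid());`, preceded by the same `QTest::ignoreMessage(...)` line. A positive case such as `QVERIFY(ctor.construct(QScriptValueList() << QScriptValue(123)).isValid());` would pin that the stricter check does not reject engine-less values.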