diff options
author | Kent Hansen <kent.hansen@nokia.com> | 2012-06-01 20:27:05 +0200 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2012-06-01 21:04:27 +0200 |
commit | 44062ea8e2499f8d2061c7e5be8fb754f2ba4310 (patch) | |
tree | edd26efd35448867d91981caa337e3a85c59b318 | |
parent | 48fca54118b65d6399ece5f258426144bdc2b03b (diff) | |
download | qtscript-44062ea8e2499f8d2061c7e5be8fb754f2ba4310.tar.gz |
Fix crash when accessing QObject properties through activation object
Since objects in the scope chain have to be JSActivationObjects,
QScriptContext::setActivationObject() creates a proxy object that
should delegate access to the actual object.
This case was not handled in the toQObject() conversion function, so
for activation property access through evaluation (where the
this-object would be the proxy object, not the actual QObject), the
this-object conversion to QObject would fail, and the assert
"this-object must be a QObject" was triggered.
Task-number: QTBUG-21760
Change-Id: I40e868d9717ec76e0df18d5848c6ad99546ba34f
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
-rw-r--r-- | src/script/api/qscriptengine_p.h | 4 | ||||
-rw-r--r-- | src/script/bridge/qscriptqobject.cpp | 1 | ||||
-rw-r--r-- | tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp | 18 |
3 files changed, 23 insertions, 0 deletions
diff --git a/src/script/api/qscriptengine_p.h b/src/script/api/qscriptengine_p.h index 526fb1d..df52ee8 100644 --- a/src/script/api/qscriptengine_p.h +++ b/src/script/api/qscriptengine_p.h @@ -50,6 +50,7 @@ #include "bridge/qscriptobject_p.h" #include "bridge/qscriptqobject_p.h" #include "bridge/qscriptvariant_p.h" +#include "bridge/qscriptactivationobject_p.h" #include "DateConstructor.h" #include "DateInstance.h" @@ -1070,6 +1071,9 @@ inline QObject *QScriptEnginePrivate::toQObject(JSC::ExecState *exec, JSC::JSVal if (QMetaType::typeFlags(type) & QMetaType::PointerToQObject) return *reinterpret_cast<QObject* const *>(var.constData()); } + } else if (isObject(value) && value.inherits(&QScript::QScriptActivationObject::info)) { + QScript::QScriptActivationObject *proxy = static_cast<QScript::QScriptActivationObject *>(JSC::asObject(value)); + return toQObject(exec, proxy->delegate()); } #endif return 0; diff --git a/src/script/bridge/qscriptqobject.cpp b/src/script/bridge/qscriptqobject.cpp index cc4817a..962479f 100644 --- a/src/script/bridge/qscriptqobject.cpp +++ b/src/script/bridge/qscriptqobject.cpp @@ -32,6 +32,7 @@ #include "../api/qscriptable_p.h" #include "../api/qscriptcontext_p.h" #include "qscriptfunction_p.h" +#include "qscriptactivationobject_p.h" #include "Error.h" #include "PrototypeFunction.h" diff --git a/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp b/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp index 3c97aef..d4c4caf 100644 --- a/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp +++ b/tests/auto/qscriptextqobject/tst_qscriptextqobject.cpp @@ -584,6 +584,7 @@ private slots: void nestedArrayAsSlotArgument(); void nestedObjectAsSlotArgument_data(); void nestedObjectAsSlotArgument(); + void propertyAccessThroughActivationObject(); private: QScriptEngine *m_engine; @@ -3654,5 +3655,22 @@ void tst_QScriptExtQObject::nestedObjectAsSlotArgument() } } +// QTBUG-21760 +void tst_QScriptExtQObject::propertyAccessThroughActivationObject() +{ + QScriptContext *ctx = m_engine->pushContext(); + ctx->setActivationObject(m_engine->newQObject(m_myObject)); + + QVERIFY(m_engine->evaluate("intProperty").isNumber()); + QVERIFY(m_engine->evaluate("mySlot()").isUndefined()); + QVERIFY(m_engine->evaluate("mySlotWithStringArg('test')").isUndefined()); + + QVERIFY(m_engine->evaluate("dynamicProperty").isError()); + m_myObject->setProperty("dynamicProperty", 123); + QCOMPARE(m_engine->evaluate("dynamicProperty").toInt32(), 123); + + m_engine->popContext(); +} + QTEST_MAIN(tst_QScriptExtQObject) #include "tst_qscriptextqobject.moc" |