diff options
author | Kent Hansen <kent.hansen@nokia.com> | 2012-06-01 20:27:05 +0200 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2012-06-01 21:04:27 +0200 |
commit | 44062ea8e2499f8d2061c7e5be8fb754f2ba4310 (patch) | |
tree | edd26efd35448867d91981caa337e3a85c59b318 /src/script/api/qscriptengine_p.h | |
parent | 48fca54118b65d6399ece5f258426144bdc2b03b (diff) | |
download | qtscript-44062ea8e2499f8d2061c7e5be8fb754f2ba4310.tar.gz |
Fix crash when accessing QObject properties through activation object
Since objects in the scope chain have to be JSActivationObjects,
QScriptContext::setActivationObject() creates a proxy object that
should delegate access to the actual object.
This case was not handled in the toQObject() conversion function, so
for activation property access through evaluation (where the
this-object would be the proxy object, not the actual QObject), the
this-object conversion to QObject would fail, and the assert
"this-object must be a QObject" was triggered.
Task-number: QTBUG-21760
Change-Id: I40e868d9717ec76e0df18d5848c6ad99546ba34f
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
Diffstat (limited to 'src/script/api/qscriptengine_p.h')
-rw-r--r-- | src/script/api/qscriptengine_p.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/script/api/qscriptengine_p.h b/src/script/api/qscriptengine_p.h index 526fb1d..df52ee8 100644 --- a/src/script/api/qscriptengine_p.h +++ b/src/script/api/qscriptengine_p.h @@ -50,6 +50,7 @@ #include "bridge/qscriptobject_p.h" #include "bridge/qscriptqobject_p.h" #include "bridge/qscriptvariant_p.h" +#include "bridge/qscriptactivationobject_p.h" #include "DateConstructor.h" #include "DateInstance.h" @@ -1070,6 +1071,9 @@ inline QObject *QScriptEnginePrivate::toQObject(JSC::ExecState *exec, JSC::JSVal if (QMetaType::typeFlags(type) & QMetaType::PointerToQObject) return *reinterpret_cast<QObject* const *>(var.constData()); } + } else if (isObject(value) && value.inherits(&QScript::QScriptActivationObject::info)) { + QScript::QScriptActivationObject *proxy = static_cast<QScript::QScriptActivationObject *>(JSC::asObject(value)); + return toQObject(exec, proxy->delegate()); } #endif return 0; |