From 44062ea8e2499f8d2061c7e5be8fb754f2ba4310 Mon Sep 17 00:00:00 2001 From: Kent Hansen Date: Fri, 1 Jun 2012 20:27:05 +0200 Subject: Fix crash when accessing QObject properties through activation object Since objects in the scope chain have to be JSActivationObjects, QScriptContext::setActivationObject() creates a proxy object that should delegate access to the actual object. This case was not handled in the toQObject() conversion function, so for activation property access through evaluation (where the this-object would be the proxy object, not the actual QObject), the this-object conversion to QObject would fail, and the assert "this-object must be a QObject" was triggered. Task-number: QTBUG-21760 Change-Id: I40e868d9717ec76e0df18d5848c6ad99546ba34f Reviewed-by: Olivier Goffart --- src/script/api/qscriptengine_p.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/script/api/qscriptengine_p.h') diff --git a/src/script/api/qscriptengine_p.h b/src/script/api/qscriptengine_p.h index 526fb1d..df52ee8 100644 --- a/src/script/api/qscriptengine_p.h +++ b/src/script/api/qscriptengine_p.h @@ -50,6 +50,7 @@ #include "bridge/qscriptobject_p.h" #include "bridge/qscriptqobject_p.h" #include "bridge/qscriptvariant_p.h" +#include "bridge/qscriptactivationobject_p.h" #include "DateConstructor.h" #include "DateInstance.h" @@ -1070,6 +1071,9 @@ inline QObject *QScriptEnginePrivate::toQObject(JSC::ExecState *exec, JSC::JSVal if (QMetaType::typeFlags(type) & QMetaType::PointerToQObject) return *reinterpret_cast(var.constData()); } + } else if (isObject(value) && value.inherits(&QScript::QScriptActivationObject::info)) { + QScript::QScriptActivationObject *proxy = static_cast(JSC::asObject(value)); + return toQObject(exec, proxy->delegate()); } #endif return 0; -- cgit v1.2.1