Merge lp:~timo-jyrinki/kubuntu-packaging/qtdeclarative_fix_marking_of_prototype_objects_in_chain into lp:~kubuntu-packagers/kubuntu-packaging/qtdeclarative-opensource-src

Proposed by Timo Jyrinki
Status: Work in progress
Proposed branch: lp:~timo-jyrinki/kubuntu-packaging/qtdeclarative_fix_marking_of_prototype_objects_in_chain
Merge into: lp:~kubuntu-packagers/kubuntu-packaging/qtdeclarative-opensource-src
Diff against target: 118 lines (+98/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/Fix-marking-of-prototype-objects-in-chain.patch (+89/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~timo-jyrinki/kubuntu-packaging/qtdeclarative_fix_marking_of_prototype_objects_in_chain
Reviewer Review Type Date Requested Status
PS Jenkins bot continuous-integration Approve
Kubuntu Packagers Pending
Review via email: mp+214689@code.launchpad.net

Commit message

* debian/patches/Fix-marking-of-prototype-objects-in-chain.patch
  - Fix a crasher with deleted QQmlCompiledData as suggested by upstream
    (LP: #1304248)

PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)

Unmerged revisions

143. By Timo Jyrinki

* debian/patches/Fix-marking-of-prototype-objects-in-chain.patch
  - Fix a crasher with deleted QQmlCompiledData as suggested by upstream
    (LP: #1304248)

Preview Diff

=== modified file 'debian/changelog'
--- debian/changelog 2014-04-03 08:34:03 +0000
+++ debian/changelog 2014-04-08 08:51:51 +0000
@@ -1,3 +1,11 @@
1qtdeclarative-opensource-src (5.2.1-3ubuntu14) trusty; urgency=medium
2
3 * debian/patches/Fix-marking-of-prototype-objects-in-chain.patch
4 - Fix a crasher with deleted QQmlCompiledData as suggested by upstream
5 (LP: #1304248)
6
7 -- Timo Jyrinki <timo-jyrinki@ubuntu.com> Tue, 08 Apr 2014 11:42:27 +0300
8
1qtdeclarative-opensource-src (5.2.1-3ubuntu13) trusty; urgency=medium9qtdeclarative-opensource-src (5.2.1-3ubuntu13) trusty; urgency=medium
210
3 * debian/patches/Support-RFC2822Date-date-format-similar-to-V8.patch11 * debian/patches/Support-RFC2822Date-date-format-similar-to-V8.patch
412
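Review bot: the new 5.2.1-3ubuntu14 entry says "as suggested by upstream" without identifying the upstream change. The patch added in this proposal carries Task-number QTBUG-37834 and upstream commit 0d90b1d646d9f443f071f474911cd7a8495d523b, so cite one of them next to LP: #1304248 to make the fix traceable from the changelog alone.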
=== added file 'debian/patches/Fix-marking-of-prototype-objects-in-chain.patch'
--- debian/patches/Fix-marking-of-prototype-objects-in-chain.patch 1970-01-01 00:00:00 +0000
+++ debian/patches/Fix-marking-of-prototype-objects-in-chain.patch 2014-04-08 08:51:51 +0000
@@ -0,0 +1,89 @@
1From 0d90b1d646d9f443f071f474911cd7a8495d523b Mon Sep 17 00:00:00 2001
2From: Simon Hausmann <simon.hausmann@digia.com>
3Date: Mon, 7 Apr 2014 11:20:03 +0200
4Subject: [PATCH] Fix marking of prototype objects in chain
5
6With a real prototype chain it can happen that an internal class' prototype's
7class itself has a prototype. Therefore the first transition on the empty class
8is a PrototypeChange one, but the class the transition leads to may have
9PrototypeChange transitions itself, which weren't marked.
10
11There are multiple solutions to this, but this patch is the minimal fix by
12recursing fully through the internal class tree. That way it's easier to
13back-port the fix also into 5.2.x based branches.
14
15Task-number: QTBUG-37834
16
17Change-Id: I901b13a2663fbad5844003ca5752f2f304de320c
18---
19 src/qml/jsruntime/qv4internalclass.cpp | 15 ++++++---------
20 tests/auto/qml/qjsengine/tst_qjsengine.cpp | 18 ++++++++++++++++++
21 2 files changed, 24 insertions(+), 9 deletions(-)
22
23diff --git a/src/qml/jsruntime/qv4internalclass.cpp b/src/qml/jsruntime/qv4internalclass.cpp
24index 4fe8f0b..dab137b 100644
25--- a/src/qml/jsruntime/qv4internalclass.cpp
26+++ b/src/qml/jsruntime/qv4internalclass.cpp
27@@ -458,17 +458,14 @@ void InternalClass::destroy()
28 void InternalClass::markObjects()
29 {
30 // all prototype changes are done on the empty class
31- Q_ASSERT(!prototype);
32+ Q_ASSERT(!prototype || this != engine->emptyClass);
33+
34+ if (prototype)
35+ prototype->mark(engine);
36
37 for (QHash<Transition, InternalClass *>::ConstIterator it = transitions.begin(), end = transitions.end();
38- it != end; ++it) {
39- if (it.key().flags == Transition::VTableChange) {
40- it.value()->markObjects();
41- } else if (it.key().flags == Transition::ProtoChange) {
42- Q_ASSERT(it.value()->prototype);
43- it.value()->prototype->mark(engine);
44- }
45- }
46+ it != end; ++it)
47+ it.value()->markObjects();
48 }
49
50 QT_END_NAMESPACE
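Review bot: the comment kept at the top of InternalClass::markObjects(), "all prototype changes are done on the empty class", no longer describes the assertion under it. The new Q_ASSERT(!prototype || this != engine->emptyClass) only requires that the empty class itself has no prototype, and every other class now marks its own prototype, so reword the comment to say that. Separately, the loop now calls it.value()->markObjects() for every transition instead of only the VTableChange ones, so each GC mark pass recurses natively through the whole internal class tree. The commit message accepts this as the minimal back-portable fix, but it is worth saying in a code comment that the full recursion is deliberate, because limiting it again would leave prototypes further down the chain unmarked and open to collection while still referenced.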
51diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
52index 518d3e9..7ef6bd9 100644
53--- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp
54+++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
55@@ -151,6 +151,8 @@ private slots:
56 void functionDeclarationsInConditionals();
57
58 void arrayPop_QTBUG_35979();
59+ void prototypeChainGc();
60+
61 };
62
63 tst_QJSEngine::tst_QJSEngine()
64@@ -2942,6 +2944,22 @@ void tst_QJSEngine::indexedAccesses()
65 QCOMPARE(result.toString(), QString("1,3"));
66 }
67
68+void tst_QJSEngine::prototypeChainGc()
69+{
70+ QJSEngine engine;
71+
72+ QJSValue getProto = engine.evaluate("Object.getPrototypeOf");
73+
74+ QJSValue factory = engine.evaluate("function() { return Object.create(Object.create({})); }");
75+ QVERIFY(factory.isCallable());
76+ QJSValue obj = factory.call();
77+ engine.collectGarbage();
78+
79+ QJSValue proto = getProto.call(QJSValueList() << obj);
80+ proto = getProto.call(QJSValueList() << proto);
81+ QVERIFY(proto.isObject());
82+}
83+
84 QTEST_MAIN(tst_QJSEngine)
85
86 #include "tst_qjsengine.moc"
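Review bot: prototypeChainGc() checks factory.isCallable() but never checks getProto or the result of factory.call(), so a failure in setup would surface only as a confusing failure of the final QVERIFY(proto.isObject()). Add QVERIFY(getProto.isCallable()) after the first evaluate and QVERIFY(obj.isObject()) before engine.collectGarbage(). The test also verifies only that the second-level prototype is still an object after one collection. Reading a property through it, or running a second collectGarbage() before the getProto calls, would make the regression check less dependent on whether the collected memory happens to be reused.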
87--
881.9.1
89
090
=== modified file 'debian/patches/series'
--- debian/patches/series 2014-04-03 08:34:03 +0000
+++ debian/patches/series 2014-04-08 08:51:51 +0000
@@ -19,3 +19,4 @@
19V4-regalloc-fix-interval-splitting-when-register-pre.patch19V4-regalloc-fix-interval-splitting-when-register-pre.patch
200001-Call-tzset-from-getLocalTZA-so-we-learn-about-tz-cha.patch200001-Call-tzset-from-getLocalTZA-so-we-learn-about-tz-cha.patch
21Support-RFC2822Date-date-format-similar-to-V8.patch21Support-RFC2822Date-date-format-similar-to-V8.patch
22Fix-marking-of-prototype-objects-in-chain.patch
