review.tizen.org Git - platform/upstream/qtdeclarative.git/commit

Fix memory corruption when multiple QML engines have JavaScript wrappers for the same QObject

It's possible that the same QObject is exposed to multiple JavaScript
environments, for which we have this "extra" hack in the form of a QMap. The
common case is that QQmlData has a QV4::WeakValue that points to the JS wrapper
for the object. However in the rare case of multiple exposure, a map in the
other engines stores those references. That map was erroneously storing
pointers to temporary values on the JS stack instead of heap pointers.

Change-Id: I8587f9921a9b4f9efd288326d00cebc25ad0bc12
Task-number: QTBUG-45051
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

author	Simon Hausmann <simon.hausmann@theqtcompany.com>
	Tue, 28 Apr 2015 13:38:09 +0000 (15:38 +0200)
committer	Simon Hausmann <simon.hausmann@theqtcompany.com>
	Fri, 8 May 2015 04:08:10 +0000 (04:08 +0000)
commit	3b5d37ce3841c4bfdf1c629d33f0e33b881b47fb
tree	8b67170484d8675366f72d14af43e62849878a15	tree \| snapshot
parent	d0dc7cec78e182f04726c5a2adade80dc2983bcf	commit \| diff

src/qml/jsruntime/qv4mm.cpp		diff \| blob \| history
src/qml/jsruntime/qv4qobjectwrapper.cpp		diff \| blob \| history
src/qml/jsruntime/qv4qobjectwrapper_p.h		diff \| blob \| history
src/qml/qml/qqmldata_p.h		diff \| blob \| history