Fix crashes when running tst_qqmlecmascript with MM_AGGRESSIVE_GC

Make sure to initialize the property data (especially setter/getter) in
insertMember() right away to zero, to avoid marking uninitialized objects
in code like this when the GC happens in code like this:

Property *pd = o->insertMember(...)
f = someFunctionThatAllocates();
pd->setSetter(f);

Change-Id: I55e4846c0e5027bb95a1da13df30bcf9eca28645
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

diff --git a/src/qml/qml/v4/qv4object.cpp b/src/qml/qml/v4/qv4object.cpp
index 07eaec2..b6bc353 100644 (file)
--- a/src/qml/qml/v4/qv4object.cpp
+++ b/src/qml/qml/v4/qv4object.cpp
@@ -268,6 +268,7 @@ Property *Object::insertMember(String *s, PropertyAttributes attributes)
         memberDataAlloc = qMax((uint)8, 2*memberDataAlloc);
         Property *newMemberData = new Property[memberDataAlloc];
         memcpy(newMemberData, memberData, sizeof(Property)*idx);
+        memset(newMemberData + idx, 0, sizeof(Property)*(memberDataAlloc - idx));
         if (memberData != inlineProperties)
             delete [] memberData;
         memberData = newMemberData;

diff --git a/src/qml/qml/v8/qqmlbuiltinfunctions.cpp b/src/qml/qml/v8/qqmlbuiltinfunctions.cpp
index 95b7aaf..f5ee22c 100644 (file)
--- a/src/qml/qml/v8/qqmlbuiltinfunctions.cpp
+++ b/src/qml/qml/v8/qqmlbuiltinfunctions.cpp
@@ -144,14 +144,12 @@ QV4::QtObject::QtObject(ExecutionEngine *v4, QQmlEngine *qmlEngine)
         Property *p = insertMember(s, Attr_Accessor);
         FunctionObject* f = v4->newBuiltinFunction(v4->rootContext, s, method_get_platform);
         p->setGetter(f);
-        p->setSetter(0);
     }
     {
         String *s = v4->newString(QStringLiteral("application"));
         Property *p = insertMember(s, Attr_Accessor);
         FunctionObject* f = v4->newBuiltinFunction(v4->rootContext, s, method_get_application);
         p->setGetter(f);
-        p->setSetter(0);
     }
 #ifndef QT_NO_IM
     {
@@ -159,7 +157,6 @@ QV4::QtObject::QtObject(ExecutionEngine *v4, QQmlEngine *qmlEngine)
         Property *p = insertMember(s, Attr_Accessor);
         FunctionObject* f = v4->newBuiltinFunction(v4->rootContext, s, method_get_inputMethod);
         p->setGetter(f);
-        p->setSetter(0);
     }
 #endif
 }