Fixes for argument objects

Fix a possible infinite recursion, and a corner
case where we wouldn't set the correct data when
writing to the argument object

Change-Id: Ia64b9f62e9b881e24d74e23d96d5eb27805a126f
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>

diff --git a/src/qml/jsruntime/qv4argumentsobject.cpp b/src/qml/jsruntime/qv4argumentsobject.cpp
index 9879f2a..f157796 100644 (file)
--- a/src/qml/jsruntime/qv4argumentsobject.cpp
+++ b/src/qml/jsruntime/qv4argumentsobject.cpp
@@ -131,7 +131,7 @@ bool ArgumentsObject::defineOwnProperty(ExecutionContext *ctx, uint index, const
 
     bool strict = ctx->strictMode;
     ctx->strictMode = false;
-    bool result = Object::__defineOwnProperty__(ctx, index, desc, attrs);
+    bool result = Object::defineOwnProperty2(ctx, index, desc, attrs);
     ctx->strictMode = strict;
 
     if (isMapped && attrs.isData()) {

diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp
index 53db957..fb56d62 100644 (file)
--- a/src/qml/jsruntime/qv4object.cpp
+++ b/src/qml/jsruntime/qv4object.cpp
@@ -973,8 +973,6 @@ reject:
 
 bool Object::__defineOwnProperty__(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs)
 {
-    Property *current = 0;
-
     // 15.4.5.1, 4b
     if (isArrayObject() && index >= arrayLength() && !internalClass->propertyData[ArrayObject::LengthPropertyIndex].isWritable())
         goto reject;
@@ -982,6 +980,17 @@ bool Object::__defineOwnProperty__(ExecutionContext *ctx, uint index, const Prop
     if (ArgumentsObject::isNonStrictArgumentsObject(this))
         return static_cast<ArgumentsObject *>(this)->defineOwnProperty(ctx, index, p, attrs);
 
+    return defineOwnProperty2(ctx, index, p, attrs);
+reject:
+  if (ctx->strictMode)
+      ctx->throwTypeError();
+  return false;
+}
+
+bool Object::defineOwnProperty2(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs)
+{
+    Property *current = 0;
+
     // Clause 1
     {
         uint pidx = propertyIndexFromArrayIndex(index);

diff --git a/src/qml/jsruntime/qv4object_p.h b/src/qml/jsruntime/qv4object_p.h
index b172ddb..a5f118c 100644 (file)
--- a/src/qml/jsruntime/qv4object_p.h
+++ b/src/qml/jsruntime/qv4object_p.h
@@ -150,6 +150,7 @@ struct Q_QML_EXPORT Object: Managed {
     bool __defineOwnProperty__(ExecutionContext *ctx, const StringRef name, const Property &p, PropertyAttributes attrs);
     bool __defineOwnProperty__(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs);
     bool __defineOwnProperty__(ExecutionContext *ctx, const QString &name, const Property &p, PropertyAttributes attrs);
+    bool defineOwnProperty2(ExecutionContext *ctx, uint index, const Property &p, PropertyAttributes attrs);
 
     //
     // helpers

diff --git a/src/qml/jsruntime/qv4runtime.cpp b/src/qml/jsruntime/qv4runtime.cpp
index 304a4a4..23549fe 100644 (file)
--- a/src/qml/jsruntime/qv4runtime.cpp
+++ b/src/qml/jsruntime/qv4runtime.cpp
@@ -616,7 +616,7 @@ void __qmljs_set_element(ExecutionContext *ctx, const ValueRef object, const Val
     uint idx = index->asArrayIndex();
     if (idx < UINT_MAX) {
         uint pidx = o->propertyIndexFromArrayIndex(idx);
-        if (pidx < UINT_MAX) {
+        if (pidx < UINT_MAX && !o->asArgumentsObject()) {
             if (o->arrayData.attributes && !o->arrayData.attributes[pidx].isEmpty() && !o->arrayData.attributes[pidx].isWritable()) {
                 if (ctx->strictMode)
                     ctx->throwTypeError();