From 1c5d88994c57c50fc8ffe4cd5d2b8d5d0b7c8084 Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@digia.com>
Date: Tue, 16 Apr 2013 09:05:47 +0200
Subject: [PATCH] Fix two more corner cases in the v8 API

if Script::Run() catches an exception return an empty Handle.
Don't try to set the array length to negative numbers.

Change-Id: Icefa3bc66d0359c0d3cffcf7c6650c8db34cc9aa
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
---
 src/qml/qml/v4vm/qv4v8.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/qml/qml/v4vm/qv4v8.cpp b/src/qml/qml/v4vm/qv4v8.cpp
index cc1ff1c..fe0130e 100644
--- a/src/qml/qml/v4vm/qv4v8.cpp
+++ b/src/qml/qml/v4vm/qv4v8.cpp
@@ -254,6 +254,7 @@ Local<Value> Script::Run()
     } catch (VM::Exception &e) {
         Isolate::GetCurrent()->setException(e.value());
         e.accept(ctx);
+        return Local<Value>();
     }
 
     return Local<Value>::New(Value::fromVmValue(result));
@@ -1087,6 +1088,8 @@ uint32_t Array::Length() const
 
 Local<Array> Array::New(int length)
 {
+    if (length < 0)
+        length = 0;
     VM::ArrayObject *a = currentEngine()->newArrayObject(currentEngine()->current);
     if (length < 0x1000)
         a->arrayReserve(length);
-- 
2.7.4