From 3dc6f446d300f686d7324d99cc65b01852d399b2 Mon Sep 17 00:00:00 2001
From: Erik Verbruggen
Date: Mon, 4 Mar 2013 09:32:16 +0100
Subject: [PATCH] Fix off-by-one in assertion for argc/args in calls.

When a call is done with 1 argument, it is not copied into the outgoing args array, but passed by-reference. So when it happens to be the last element in the stack frame, then args + argc == stackSize (because argc is 1).

Change-Id: Idb769c95e9066c24a9d93cdcc24e13d3a9acc995
Reviewed-by: Simon Hausmann
---
 src/v4/moth/qv4vme_moth.cpp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/v4/moth/qv4vme_moth.cpp b/src/v4/moth/qv4vme_moth.cpp
index aea4fce..caa5810 100644
--- a/src/v4/moth/qv4vme_moth.cpp
+++ b/src/v4/moth/qv4vme_moth.cpp
@@ -230,26 +230,26 @@ VM::Value VME::run(QQmlJS::VM::ExecutionContext *context, const uchar *&code,
             }
         }
 #endif // DO_TRACE_INSTR
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_call_value(context, VALUEPTR(instr.result), /*thisObject*/0, VALUE(instr.dest), args, instr.argc);
     MOTH_END_INSTR(CallValue)
 
     MOTH_BEGIN_INSTR(CallProperty)
         TRACE(property name, "%s, args=%u, argc=%u, this=%s", qPrintable(instr.name->toQString()), instr.args, instr.argc, (VALUE(instr.base)).toString(context)->toQString().toUtf8().constData());
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_call_property(context, VALUEPTR(instr.result), VALUE(instr.base), instr.name, args, instr.argc);
     MOTH_END_INSTR(CallProperty)
 
     MOTH_BEGIN_INSTR(CallElement)
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_call_element(context, VALUEPTR(instr.result), VALUE(instr.base), VALUE(instr.index), args, instr.argc);
     MOTH_END_INSTR(CallElement)
 
     MOTH_BEGIN_INSTR(CallActivationProperty)
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_call_activation_property(context, VALUEPTR(instr.result), instr.name, args, instr.argc);
     MOTH_END_INSTR(CallActivationProperty)
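Review bot: The relaxed bound `instr.args + instr.argc <= stackSize` is only right under the reading that `args + argc` is the exclusive end of the argument window, and none of the eight assertion sites (four here, four in the hunk at @@ -387) records that, so a later reader seeing `<=` beside pointer arithmetic will reasonably suspect an off-by-one in the other direction. I would attach the reasoning from the commit message at the first site, e.g. `// args + argc is the exclusive end of the argument window; a single argument is passed by reference and may occupy the frame's last slot, so equality is valid.`, and since the line is repeated verbatim, fold it into one helper such as `Q_ASSERT_X(instr.args + instr.argc <= stackSize, "VME::run", "argument window exceeds stack frame")` so the bound cannot drift between call and construct opcodes. Q_ASSERT is compiled out in release builds, so this stays a debug-time check on compiler-generated bytecode rather than a runtime bound on `args` before it reaches the `__qmljs_call_*` helpers; that seems to be the intended trust model, but a sentence saying so would help whoever audits these opcodes later. VME::run begins and ends outside this hunk.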
@@ -387,26 +387,26 @@ VM::Value VME::run(QQmlJS::VM::ExecutionContext *context, const uchar *&code,
     MOTH_END_INSTR(CallBuiltinDefineProperty)
 
     MOTH_BEGIN_INSTR(CallBuiltinDefineArray)
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_builtin_define_array(context, VALUEPTR(instr.result), args, instr.argc);
     MOTH_END_INSTR(CallBuiltinDefineArray)
 
     MOTH_BEGIN_INSTR(CreateValue)
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_construct_value(context, VALUEPTR(instr.result), VALUE(instr.func), args, instr.argc);
     MOTH_END_INSTR(CreateValue)
 
     MOTH_BEGIN_INSTR(CreateProperty)
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_construct_property(context, VALUEPTR(instr.result), VALUE(instr.base), instr.name, args, instr.argc);
     MOTH_END_INSTR(CreateProperty)
 
     MOTH_BEGIN_INSTR(CreateActivationProperty)
         TRACE(inline, "property name = %s, args = %d, argc = %d", instr.name->toQString().toUtf8().constData(), instr.args, instr.argc);
-        Q_ASSERT(instr.args + instr.argc < stackSize);
+        Q_ASSERT(instr.args + instr.argc <= stackSize);
         VM::Value *args = stack + instr.args;
         __qmljs_construct_activation_property(context, VALUEPTR(instr.result), instr.name, args, instr.argc);
     MOTH_END_INSTR(CreateActivationProperty)
-- 
2.7.4