Details
Bug
Resolution: Done
P1: Critical
5.15.2, 6.3.2
872e91612f (qt/qtdeclarative/dev) 872e91612f (qt/qtdeclarative/wip/material3) 872e91612f (qt/tqtc-qtdeclarative/dev)
Description
I think I found a critical bug in Qt's JavaScript engine. Here's a minimal example that triggers it. It is quite self-explanatory:
function myFunc(arg) { console.log("myFunc invoked", arg); };
let array = [myFunc, "string"];
array[0](array.reverse());
The code does actually invoke the function in browsers and in Node.js. But not in V4, where it gives "Type Error". Looks like V4 evaluates array[0] only after array.reverse() has been performed.
I stumbled on this behaviour while running obfuscated JS code, but I guess this could happen even in human-written code. IMO this bug should be top-priority.
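The ordering described in the report can be probed from script. The following is an added example, not part of the original report or of Qt's code: it checks whether an engine resolves the callee before evaluating the arguments, and shows a call form that does not depend on that ordering. All function names are hypothetical, and it assumes the engine supports Proxy and Reflect.

```javascript
// Case from the report: the argument expression mutates the array
// that the callee is read from.
function calleeBeforeArgsIndexed() {
  const calls = [];
  function myFunc(arg) { calls.push(arg); }
  const array = [myFunc, "string"];
  try {
    array[0](array.reverse());
  } catch (e) {
    // An engine that reads array[0] after reverse() tries to call "string".
    return { ok: false, error: e.constructor.name };
  }
  return { ok: calls.length === 1, error: null };
}

// Records the order in which the callee lookup, the argument
// evaluation and the call itself happen for obj.f(arg()).
function evaluationTrace() {
  const trace = [];
  const target = { f() { trace.push("call"); } };
  const obj = new Proxy(target, {
    get(t, key, receiver) {
      trace.push("get " + String(key));
      return Reflect.get(t, key, receiver);
    }
  });
  const arg = () => { trace.push("arg"); return 1; };
  obj.f(arg());
  return trace;
}

// Ordering-independent form: the callee is read in its own statement,
// so the arguments cannot be evaluated before the lookup.
function callWithPinnedCallee(container, key, makeArgs) {
  const fn = container[key];
  return fn.apply(container, makeArgs());
}

console.log(calleeBeforeArgsIndexed());
console.log(evaluationTrace().join(" -> "));
```

On an engine with the behaviour the report describes for V4, the first probe is expected to return `ok: false` with a `TypeError`.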