Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 6.5.0 Beta1
Affects Version/s: 5.15.2, 6.3.2
Component/s: QML: Declarative and Javascript Engine
Labels:
- earmarked_by_ulf

Platform/s:

All
Commits:
872e91612f (qt/qtdeclarative/dev) 872e91612f (qt/qtdeclarative/wip/material3) 872e91612f (qt/tqtc-qtdeclarative/dev)

Description

I think I found a critical bug in Qt's Javascript engine. Here's a minimal example that triggers it. It is quite self-explanatory:

function myFunc(arg) {
    console.log("myFunc invoked", arg);
};
let array = [myFunc, "string"];
array[0](array.reverse());

The code does actually invoke the function in browsers and in nodejs. But not in V4 where it gives "Type Error". Looks like V4 evaluates array[0] only after array.reverse() has been performed.

I stumbled on this behaviour while running obfuscated js code but I guess this could happen even in human-written code. IMO this bug should be top-priority.

Attachments

Activity

People

Assignee:: Ulf Hermann

Reporter:: Flavio Tordini

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19 Sep '22 15:47

Updated:: 23 Dec '22 20:42

Resolved:: 10 Nov '22 11:47