QTBUG-124157

QJSEngine crashes when evaluating arithmetic operation on array with self referencing


Details

    • Windows

    Description

      The following code crashes:

      #include <QtCore>
      #include <QJSEngine>
      int main(int argc, char *argv[])
      {
          QCoreApplication a(argc, argv);
          // a[0] refers to the array itself; "a+0" forces the array to be
          // converted to a primitive (string conversion), which walks the
          // elements and re-enters the same array without ever terminating
          QJSEngine{}.evaluate("a=[0,1]; a[0]=a; a+0");
          return 0;
      }
      

      It goes into infinite recursion and causes a segmentation fault.

      1     QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a47843 
      2     QV4::RuntimeHelpers::ordinaryToPrimitive(QV4::ExecutionEngine *, QV4::Object const *, QV4::String *)   0x7fff13ae5228 
      3     QV4::RuntimeHelpers::objectDefaultValue(QV4::Object const *, int)                                      0x7fff13ae54f1 
      4     QV4::Value::toQString() const                                                                          0x7fff13b115cd 
      5     QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a4cf0f 
      6     QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a479ea 
      7     QV4::RuntimeHelpers::ordinaryToPrimitive(QV4::ExecutionEngine *, QV4::Object const *, QV4::String *)   0x7fff13ae5228 
      8     QV4::RuntimeHelpers::objectDefaultValue(QV4::Object const *, int)                                      0x7fff13ae54f1 
      9     QV4::Value::toQString() const                                                                          0x7fff13b115cd 
      10    QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a4cf0f 
      11    QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a479ea 
      12    QV4::RuntimeHelpers::ordinaryToPrimitive(QV4::ExecutionEngine *, QV4::Object const *, QV4::String *)   0x7fff13ae5228 
      13    QV4::RuntimeHelpers::objectDefaultValue(QV4::Object const *, int)                                      0x7fff13ae54f1 
      14    QV4::Value::toQString() const                                                                          0x7fff13b115cd 
      15    QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a4cf0f 
      16    QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a479ea 
      ...                                                                                                             
      9997  QV4::RuntimeHelpers::ordinaryToPrimitive(QV4::ExecutionEngine *, QV4::Object const *, QV4::String *)   0x7fff13ae5228 
      9998  QV4::RuntimeHelpers::objectDefaultValue(QV4::Object const *, int)                                      0x7fff13ae54f1 
      9999  QV4::Value::toQString() const                                                                          0x7fff13b115cd 
      10000 QV4::ArrayData::sort(QV4::ExecutionEngine *, QV4::Object *, QV4::Value const&, unsigned int)           0x7fff13a4cf0f
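      The frames above (objectDefaultValue, ordinaryToPrimitive, toQString, repeated) show the engine converting the self-referencing array to a string element by element, reaching the same array again and never bottoming out. The following JavaScript is an added illustration, not Qt or QV4 code and not part of this report, of the cycle guard a string-conversion/join routine needs so that the conversion terminates. The "" placeholder for a re-entered array is the behaviour of engines such as V8 and SpiderMonkey, which is why `a+0` evaluates to ",10" there instead of crashing; the names safeJoin, naiveJoin, buildCyclicArray and cyclicPlusZero are made up for this example.

```javascript
// Added example (not Qt/QV4 code): a cycle-safe array join, the defensive
// behaviour a JS engine needs so that String(a) on a self-referencing array
// terminates instead of recursing until the native stack is exhausted.

const joining = new Set(); // arrays whose join is currently on the stack

function safeJoin(arr, sep = ",") {
  if (joining.has(arr)) {
    // Re-entered through a cycle: render the inner occurrence as "" (what
    // V8 and SpiderMonkey do) so the recursion bottoms out.
    return "";
  }
  joining.add(arr);
  try {
    const parts = [];
    for (let i = 0; i < arr.length; i++) {
      const v = arr[i];
      if (v === undefined || v === null) {
        parts.push(""); // spec: undefined/null elements join as empty strings
      } else if (Array.isArray(v)) {
        parts.push(safeJoin(v, sep)); // nested arrays go through the same guard
      } else {
        parts.push(String(v));
      }
    }
    return parts.join(sep);
  } finally {
    joining.delete(arr); // always unwind, even if an element's toString throws
  }
}

// The structure from the report: a = [0, 1] with a[0] pointing back at a.
function buildCyclicArray() {
  const a = [0, 1];
  a[0] = a;
  return a;
}

// What the report's `a + 0` yields once string conversion is cycle-safe:
// the array stringifies to ",1" and "+" concatenates the number.
function cyclicPlusZero() {
  return safeJoin(buildCyclicArray()) + String(0);
}

// Unguarded join for contrast: it recurses forever on the cycle. A JS
// engine turns its own stack exhaustion into a RangeError, whereas the
// native recursion in the report has no such guard and segfaults.
function naiveJoin(arr, sep = ",") {
  return arr.map(v => (Array.isArray(v) ? naiveJoin(v, sep) : String(v))).join(sep);
}

function naiveJoinOverflows(arr) {
  try {
    naiveJoin(arr);
    return false;
  } catch (e) {
    return e instanceof RangeError;
  }
}
```

      The guard is a set of arrays currently being joined rather than a set of arrays ever seen, so the same array appearing twice in a non-cyclic structure (`[x, x]`) still renders both occurrences; only a true re-entry is cut short.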

          People

            fabiankosmale Fabian Kosmale
            vooidzero void zero

              Gerrit Reviews

                There is 1 open Gerrit change