Details
- Type: Bug
- Resolution: Unresolved
- Priority: P3: Somewhat important
- Versions: 6.5, 6.8, 6.9
- None
Description
If QJSValue stores a heap object, we currently generally assume that it is safe to simply take it as a ReturnedValue, and to pass it along to other functions without putting it into a Scope.
The underlying assumption is that the QJSValue will store the heap object inside a QV4::PersistentValue, which ensures marking.
In most cases this indeed holds true. However, some operations can trigger arbitrary user code. For instance, comparing two QJSValues can lead to a string conversion, which in turn can result in a call to a user-defined toString meta-method.
Given that there is no guarantee that this user code does not replace the value stored in the QJSValue (leaving the bare ReturnedValue pointing at a heap object that is no longer rooted), we need to use scoped values in a few more places.
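The hazard described above, as an added toy model written for this page. It is not Qt or QV4 code: the `Heap`, `PersistentValue`, `ScopedValue`, `unsafeCompare` and `safeCompare` names are stand-ins that mimic the roles of a persistent root, a stack-scoped root and a bare ReturnedValue-style pointer. Instead of deallocating, the mock collector flags unrooted objects as `freed`, so the use-after-collection can be observed without undefined behaviour.

```cpp
// Toy GC model (constructed for illustration, not Qt code).
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>

struct HeapObject {
    int id = 0;
    bool marked = false;
    bool freed = false;   // set by collect() instead of deallocating
};

struct Heap {
    std::vector<std::unique_ptr<HeapObject>> objects;
    std::vector<HeapObject*> scopeStack;        // stack-scoped roots (ScopedValue)
    std::vector<HeapObject**> persistentRoots;  // slots owned by PersistentValue

    HeapObject* allocate(int id) {
        auto o = std::make_unique<HeapObject>();
        o->id = id;
        objects.push_back(std::move(o));
        return objects.back().get();
    }

    // Mark everything reachable from a root, then "free" the rest.
    void collect() {
        for (auto& o : objects) o->marked = false;
        for (HeapObject* r : scopeStack) if (r) r->marked = true;
        for (HeapObject** slot : persistentRoots) if (*slot) (*slot)->marked = true;
        for (auto& o : objects) if (!o->marked) o->freed = true;
    }
};

// Mimics a persistent value: whatever it currently holds is always marked.
struct PersistentValue {
    Heap& heap;
    HeapObject* value;
    PersistentValue(Heap& h, HeapObject* v) : heap(h), value(v) { heap.persistentRoots.push_back(&value); }
    ~PersistentValue() {
        auto& r = heap.persistentRoots;
        r.erase(std::remove(r.begin(), r.end(), &value), r.end());
    }
    PersistentValue(const PersistentValue&) = delete;
    PersistentValue& operator=(const PersistentValue&) = delete;
    void set(HeapObject* v) { value = v; }  // user code replacing the stored value
};

// Mimics a scoped value: rooted for exactly the lifetime of the C++ scope.
struct ScopedValue {
    Heap& heap;
    HeapObject* value;
    ScopedValue(Heap& h, HeapObject* v) : heap(h), value(v) { heap.scopeStack.push_back(v); }
    ~ScopedValue() { heap.scopeStack.pop_back(); }
    ScopedValue(const ScopedValue&) = delete;
    ScopedValue& operator=(const ScopedValue&) = delete;
};

// Stands in for arbitrary user code (e.g. a toString meta-method) that runs
// in the middle of an operation and may replace the holder's value and allocate.
using UserHook = std::function<void(PersistentValue&)>;

// Buggy pattern: copy the heap pointer out as a bare value, run user code, use it.
// Returns true if the object we still point at is alive.
bool unsafeCompare(PersistentValue& holder, const UserHook& userCode) {
    HeapObject* bare = holder.value;   // only rooted as long as holder keeps it
    userCode(holder);                  // may replace holder.value and trigger a GC
    return !bare->freed;
}

// Fixed pattern: keep our own scoped root for the duration of the operation.
bool safeCompare(PersistentValue& holder, const UserHook& userCode) {
    Heap& heap = holder.heap;
    ScopedValue scoped(heap, holder.value);  // rooted until this function returns
    userCode(holder);
    return !scoped.value->freed;
}

// A toString-style hook that swaps the stored value and forces a collection.
static UserHook replacingHook(Heap& heap) {
    return [&heap](PersistentValue& h) { h.set(heap.allocate(2)); heap.collect(); };
}

bool runUnsafe() {
    Heap heap;
    PersistentValue holder(heap, heap.allocate(1));
    return unsafeCompare(holder, replacingHook(heap));  // false: object 1 was collected
}

bool runSafe() {
    Heap heap;
    PersistentValue holder(heap, heap.allocate(1));
    return safeCompare(holder, replacingHook(heap));    // true: scoped root kept it alive
}
```

The only difference between the two functions is the `ScopedValue` in `safeCompare`; once the user hook replaces the persistent value and allocation triggers a collection, the bare pointer in `unsafeCompare` refers to an object that nothing marks any more.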