Details
P1: Critical Description
When such excerpt in the Java Script is passed as an argument to C++ function
[,"Argument Two","Argument Three"]
it is called Qt SDK
C:\Qt\4.7.4\src\script\api\qscriptengine.cpp
QStringList QScriptEnginePrivate::stringListFromArray(JSC::ExecState *exec, JSC::JSValue arr)
{
QStringList lst;
uint len = toUInt32(exec, property(exec, arr, exec->propertyNames().length));
for (uint i = 0; i < len; ++i)
lst.append(toString(exec, property(exec, arr, i)));
return lst;
}
then
C:\Qt\4.7.4\src\3rdparty\javascriptcore\JavaScriptCore\runtime\JSString.h
inline UString JSValue::toString(ExecState* exec) const
{
if (isString())
return static_cast<JSString*>(asCell())->value(exec);
if (isInt32())
return exec->globalData().numericStrings.add(asInt32());
if (isDouble())
return exec->globalData().numericStrings.add(asDouble());
if (isTrue())
return "true";
if (isFalse())
return "false";
if (isNull())
return "null";
if (isUndefined())
return "undefined";
ASSERT(isCell());
return asCell()->toString(exec); <=this line causes crash, because asCell() returns NULL
}
There is a missing condition to check before
return asCell()->toString(exec);
because
tag() == EmptyValueTag (-7)
Regards 