Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.9.6, 5.11.0 Beta 3
Affects Version/s: 5.5.1
Component/s: QML: Declarative and Javascript Engine
Labels:
None
Environment:
Qt 5.5.1 on Windows/Linux

Description

A strange object corruption problem happens when using a 3rd party JavaScript library, possibly due to Array.concat. Unfortunately I wasn't able to extract a smaller piece of code that demonstrates the problem, so I'm putting it here in full.

When you run the attached QML example file, you'll see two outputs logged by the code that I added manually to the attached js file at line 3118. The second logging will have the "corrupt" object. Line 5225 seems like the culprit.

The problem doesn't present when the library is used in browsers or nodejs.

You can see the original issue here:
https://github.com/andrewplummer/Sugar/issues/543

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

CorruptionDemo.qml
0.2 kB
01 Mar '16 14:53
sugar_modified.js
350 kB
01 Mar '16 14:53

Issue Links

relates to

QTBUG-69024 Function from js-file becomes global for all files.

Closed

QTBUG-81037 Array.concat does not verify length against allocated space

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-51581
#	Subject	Branch	Project	Status	CR	V
222768,14	Ensure we read context properties before the global object	dev	qt/qtdeclarative	Status: MERGED	+2	0
223769,2	Fix out of bounds reads in Array.concat	5.11	qt/qtdeclarative	Status: MERGED	+2	0
223887,2	Fix out of bounds reads in Array.concat	5.9	qt/qtdeclarative	Status: MERGED	+2	0