Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.14.1
Affects Version/s: 5.13.2
Component/s: QML: Declarative and Javascript Engine
Labels:
- earmarked_by_ulf

Commits:
f60cde61149655d004343ab97f18b3414871d75b

Description

When sorting a sparse array (SparseArrayData) with Array.sort, the engine crashes due to a nullpointer dereference:

const v3 = [1,2,3];
v3[10000] = 0;
const v5 = v3.sort();

The root cause appears to be the call to thisObject->setArrayData(nullptr); in qv4arraydata.cpp:746. I am not quite sure why it is there (perhaps to reset the object's storage to set it up for the sorted elements?) - accessing the array data afterwards leads in order to sort the array leads to the crash.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

sort-sparse.js
0.1 kB
06 Jan '20 15:32

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Ulf Hermann

Reporter:: Tobias Holl

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06 Jan '20 15:32

Updated:: 06 Jan '20 16:35

Resolved:: 06 Jan '20 16:35

Gerrit Reviews

There are no open Gerrit changes