  Qt / QTBUG-81106

Sorting a sparse array with Array.sort leads to null pointer dereference


Details

    • f60cde61149655d004343ab97f18b3414871d75b

    Description

      When sorting a sparse array (SparseArrayData) with Array.sort, the engine crashes due to a null pointer dereference:

      // Start with a dense array, then write far past its end so the
      // engine switches the backing store to SparseArrayData.
      const v3 = [1, 2, 3];
      v3[10000] = 0;
      // Array.prototype.sort on the now-sparse array triggers the crash.
      const v5 = v3.sort();

      The root cause appears to be the call to thisObject->setArrayData(nullptr); in qv4arraydata.cpp:746. I am not quite sure why it is there (perhaps to reset the object's storage to set it up for the sorted elements?) - accessing the array data afterwards in order to sort the array leads to the crash.
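      The following is an added reference check, not part of the bug report and not Qt code. It runs the reporter's sparse-array case in a conforming ECMAScript engine (Node/V8 is assumed) and verifies the shape Array.prototype.sort must produce: length unchanged, hole count unchanged, defined values in comparator order, then any undefined values, then the holes at the tail. It serves as an oracle for what QJSEngine should return once the crash in qv4arraydata.cpp is fixed; the helper names (makeSparseCase, countHoles, sortedSparseInvariants) are my own.

```javascript
// Added reference check (not from the bug report or from Qt): what a
// conforming engine returns for Array.prototype.sort on a sparse array.
// Assumes a Node/V8-style engine; helper names are my own.

// Reproduce the reporter's input: dense [1,2,3], then a write far past
// the end so the array becomes sparse (length 10001, 9997 holes).
function makeSparseCase() {
  const v3 = [1, 2, 3];
  v3[10000] = 0;
  return v3;
}

// Sort the reporter's case with the default (string) comparator and
// return the result, so its shape can be inspected or asserted on.
function sortReporterCase() {
  const sorted = makeSparseCase();
  sorted.sort();
  return sorted;
}

// Count holes: indices below length that are not own properties.
function countHoles(arr) {
  let holes = 0;
  for (let i = 0; i < arr.length; i++) {
    if (!Object.prototype.hasOwnProperty.call(arr, i)) holes++;
  }
  return holes;
}

// Default sort order per the spec: compare as strings.
function defaultCompare(a, b) {
  const sa = String(a), sb = String(b);
  return sa < sb ? -1 : sa > sb ? 1 : 0;
}

// Check the spec-mandated invariants of sorting `original` (holes are
// preserved by slice(), so the input itself is left untouched):
//   1. length is unchanged
//   2. the number of holes is unchanged
//   3. result is: defined values (in comparator order), then undefined
//      values, then holes, with no other interleaving
function sortedSparseInvariants(original, compare) {
  const cmp = compare || defaultCompare;
  const lengthBefore = original.length;
  const holesBefore = countHoles(original);

  const sorted = original.slice();
  if (compare) sorted.sort(compare); else sorted.sort();

  if (sorted.length !== lengthBefore) return false;
  if (countHoles(sorted) !== holesBefore) return false;

  let phase = 0; // 0 = defined values, 1 = undefined values, 2 = holes
  let prev;
  let havePrev = false;
  for (let i = 0; i < sorted.length; i++) {
    const has = Object.prototype.hasOwnProperty.call(sorted, i);
    if (!has) { phase = 2; continue; }
    if (phase === 2) return false;               // element after a hole
    if (sorted[i] === undefined) { phase = 1; continue; }
    if (phase === 1) return false;               // value after undefined
    if (havePrev && cmp(prev, sorted[i]) > 0) return false; // out of order
    prev = sorted[i];
    havePrev = true;
  }
  return true;
}

// Stand-alone run: print the shape of the reporter's case after sorting.
const result = sortReporterCase();
console.log("length:", result.length, "holes:", countHoles(result),
            "head:", result.slice(0, 4));
console.log("invariants hold:", sortedSparseInvariants(makeSparseCase()));
```

      For the reporter's input a conforming engine yields length 10001, the four defined values 0,1,2,3 at the front (default string order), and the 9997 holes moved to the tail. Running the same checks against QJSEngine after the fix lands is a quick way to confirm that only the crash was removed and the sort semantics for sparse storage were not changed.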

      Attachments

        1. sort-sparse.js
          0.1 kB
          Tobias Holl

        Activity

          People

            ulherman Ulf Hermann
            hlt Tobias Holl
            Votes: 0
            Watchers: 2

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes