Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.15.3
-
dde1d86baabac1eddd84a11b7d2ed49e26c511bd (qt/qtdeclarative/dev) 762e70ea2ec028d0ce1659ed4ae8fc2ec47d950f (qt/qtdeclarative/6.2) 0e88794676 (qt/tqtc-qtdeclarative/5.15)
Description
This code :
function *a() {
(function() { yield 1; })();
}
let it = a();
it.next();
is accepted as valid syntax leading to a crash when JIT kicks in :
QV4::JIT::BaselineJIT::generate_Yield() QV4::Moth::ByteCodeHandler::decode(const char * code, unsigned int len) QV4::JIT::BaselineJIT::generate()
PS: I wasn't able to crash the app with the code above which is derived from our real world crash and fix knowledge on this.
Attachments
| For Gerrit Dashboard: QTBUG-98356 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 381678,4 | QML/JS: Reject yield expression not directly in generator functions | dev | qt/qtdeclarative | Status: MERGED | +2 | 0 |
| 381967,2 | QML/JS: Reject yield expression not directly in generator functions | 6.2 | qt/qtdeclarative | Status: MERGED | +2 | 0 |
| 381969,3 | QML/JS: Reject yield expression not directly in generator functions | tqtc/lts-5.15 | qt/tqtc-qtdeclarative | Status: MERGED | -1 | 0 |