[Webkit-unassigned] [Bug 107477] [Qt] Crash when reading QObjectList property value
bugzilla-daemon at webkit.org
Tue Jan 22 02:23:48 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=107477
Andras Becsi <abecsi at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |abecsi at webkit.org,
| |hausmann at webkit.org
--- Comment #1 from Andras Becsi <abecsi at webkit.org> 2013-01-22 02:25:40 PST ---
You can create a ChangeLog with Tools/Scripts/prepare-ChangeLog
and just upload the diff manually if you have trouble with webkit-patch.
CC-ing Simon.
(In reply to comment #0)
> If a QObject that has a QObjectList property is exposed to JavaScript using addToJavaScriptWindowObject, the program will crash when trying to read the property value if the returned list contains more than one element.
>
> The following patch fixes the crash for me.
> index e2ca465..37f2fd4 100644
> --- a/Source/WebCore/bridge/qt/qt_runtime.cpp
> +++ b/Source/WebCore/bridge/qt/qt_runtime.cpp
> @@ -801,7 +801,7 @@ JSValueRef convertQVariantToValue(JSContextRef context, PassRefPtr<RootObject> r
> JSObjectRef array = JSObjectMakeArray(context, 0, 0, exception);
> ExecState* exec = toJS(context);
> for (int i = 0; i < ol.count(); ++i) {
> - JSValueRef jsObject = toRef(exec, QtInstance::getQtInstance(ol.at(i), root, QtInstance::QtOwnership)->createRuntimeObject(exec));
> + JSValueRef jsObject = toRef(exec, QtInstance::getQtInstance(ol.at(i), root.get(), QtInstance::QtOwnership)->createRuntimeObject(exec));
AFAICT this probably needs to be applied to line 740 of this file as well.
> JSObjectSetPropertyAtIndex(context, array, i, jsObject, /*ignored exception*/0);
> }
> return array;
>
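Review bot: At the `getQtInstance(ol.at(i), root.get(), ...)` call inside the `for` loop, the fix is applied to this one call site while `root` remains a `PassRefPtr<RootObject>` parameter that the loop reads on every iteration, so any other by-value use of `root` in this file can hit the same problem (the reply above already points at line 740). Consider taking the raw pointer or a local `RefPtr<RootObject>` once before the loop and using it at every call site, and add a regression test that reads a QObjectList property with at least two elements, since the report says the crash only appears with more than one. In the unchanged lines, the result of `getQtInstance(...)` is dereferenced with `->createRuntimeObject(exec)` without a null check and the exception argument of `JSObjectSetPropertyAtIndex` is passed as 0; both deserve a comment or a follow-up.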