Timo Jyrinki has proposed merging
lp:~timo-jyrinki/kubuntu-packaging/qtdeclarative_fix_marking_of_prototype_objects_in_chain
into lp:~kubuntu-packagers/kubuntu-packaging/qtdeclarative-opensource-src.
Commit message:
* debian/patches/Fix-marking-of-prototype-objects-in-chain.patch
- Fix a crasher with deleted QQmlCompiledData as suggested by upstream
(LP: #1304248)
Requested reviews:
PS Jenkins bot (ps-jenkins): continuous-integration
Kubuntu Packagers (kubuntu-packagers)
Related bugs:
Bug #1304248 in qtdeclarative-opensource-src (Ubuntu): "[PATCH] Crash with
deleted QQmlCompiledData"
https://bugs.launchpad.net/ubuntu/+source/qtdeclarative-opensource-src/+bug/1304248
For more details, see:
https://code.launchpad.net/~timo-jyrinki/kubuntu-packaging/qtdeclarative_fix_marking_of_prototype_objects_in_chain/+merge/214689
=== modified file 'debian/changelog'
--- debian/changelog 2014-04-03 08:34:03 +0000
+++ debian/changelog 2014-04-08 08:51:51 +0000
@@ -1,3 +1,11 @@
+qtdeclarative-opensource-src (5.2.1-3ubuntu14) trusty; urgency=medium
+
+ * debian/patches/Fix-marking-of-prototype-objects-in-chain.patch
+ - Fix a crasher with deleted QQmlCompiledData as suggested by upstream
+ (LP: #1304248)
+
+ -- Timo Jyrinki <[email protected]> Tue, 08 Apr 2014 11:42:27 +0300
+
qtdeclarative-opensource-src (5.2.1-3ubuntu13) trusty; urgency=medium
* debian/patches/Support-RFC2822Date-date-format-similar-to-V8.patch
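Review bot: The new 5.2.1-3ubuntu14 entry says the fix is "as suggested by upstream" but cites only LP: #1304248. The patch it adds carries "Task-number: QTBUG-37834" and an upstream commit id, so naming QTBUG-37834 in the changelog line would let a later merger see from the changelog alone when the patch can be dropped. Because the change affects garbage-collector marking, where a missed mark leaves a freed prototype object reachable, the entry could also say that this is a memory-safety fix rather than only "a crasher".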
=== added file 'debian/patches/Fix-marking-of-prototype-objects-in-chain.patch'
--- debian/patches/Fix-marking-of-prototype-objects-in-chain.patch 1970-01-01 00:00:00 +0000
+++ debian/patches/Fix-marking-of-prototype-objects-in-chain.patch 2014-04-08 08:51:51 +0000
@@ -0,0 +1,89 @@
+From 0d90b1d646d9f443f071f474911cd7a8495d523b Mon Sep 17 00:00:00 2001
+From: Simon Hausmann <[email protected]>
+Date: Mon, 7 Apr 2014 11:20:03 +0200
+Subject: [PATCH] Fix marking of prototype objects in chain
+
+With a real prototype chain it can happen that an internal class' prototype's
+class itself has a prototype. Therefore the first transition on the empty class
+is a PrototypeChange one, but the class the transition leads to may have
+PrototypeChange transitions itself, which weren't marked.
+
+There are multiple solutions to this, but this patch is the minimal fix by
+recursing fully through the internal class tree. That way it's easier to
+back-port the fix also into 5.2.x based branches.
+
+Task-number: QTBUG-37834
+
+Change-Id: I901b13a2663fbad5844003ca5752f2f304de320c
+---
+ src/qml/jsruntime/qv4internalclass.cpp | 15 ++++++---------
+ tests/auto/qml/qjsengine/tst_qjsengine.cpp | 18 ++++++++++++++++++
+ 2 files changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/src/qml/jsruntime/qv4internalclass.cpp b/src/qml/jsruntime/qv4internalclass.cpp
+index 4fe8f0b..dab137b 100644
+--- a/src/qml/jsruntime/qv4internalclass.cpp
++++ b/src/qml/jsruntime/qv4internalclass.cpp
+@@ -458,17 +458,14 @@ void InternalClass::destroy()
+ void InternalClass::markObjects()
+ {
+ // all prototype changes are done on the empty class
+- Q_ASSERT(!prototype);
++ Q_ASSERT(!prototype || this != engine->emptyClass);
++
++ if (prototype)
++ prototype->mark(engine);
+
+ for (QHash<Transition, InternalClass *>::ConstIterator it = transitions.begin(), end = transitions.end();
+- it != end; ++it) {
+- if (it.key().flags == Transition::VTableChange) {
+- it.value()->markObjects();
+- } else if (it.key().flags == Transition::ProtoChange) {
+- Q_ASSERT(it.value()->prototype);
+- it.value()->prototype->mark(engine);
+- }
+- }
++ it != end; ++it)
++ it.value()->markObjects();
+ }
+
+ QT_END_NAMESPACE
+diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
+index 518d3e9..7ef6bd9 100644
+--- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp
++++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
+@@ -151,6 +151,8 @@ private slots:
+ void functionDeclarationsInConditionals();
+
+ void arrayPop_QTBUG_35979();
++ void prototypeChainGc();
++
+ };
+
+ tst_QJSEngine::tst_QJSEngine()
+@@ -2942,6 +2944,22 @@ void tst_QJSEngine::indexedAccesses()
+ QCOMPARE(result.toString(), QString("1,3"));
+ }
+
++void tst_QJSEngine::prototypeChainGc()
++{
++ QJSEngine engine;
++
++ QJSValue getProto = engine.evaluate("Object.getPrototypeOf");
++
++ QJSValue factory = engine.evaluate("function() { return Object.create(Object.create({})); }");
++ QVERIFY(factory.isCallable());
++ QJSValue obj = factory.call();
++ engine.collectGarbage();
++
++ QJSValue proto = getProto.call(QJSValueList() << obj);
++ proto = getProto.call(QJSValueList() << proto);
++ QVERIFY(proto.isObject());
++}
++
+ QTEST_MAIN(tst_QJSEngine)
+
+ #include "tst_qjsengine.moc"
+--
+1.9.1
+
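Review bot: In InternalClass::markObjects() the rewritten loop calls "it.value()->markObjects();" for every transition. The removed code recursed only for Transition::VTableChange and marked the prototype directly for Transition::ProtoChange, so recursion depth during GC now follows the full depth of the internal class transition tree. The commit message calls this the minimal fix; it would be worth confirming with upstream that the depth is bounded in practice, or recording the trade-off in the patch header. The loosened assertion "Q_ASSERT(!prototype || this != engine->emptyClass);" is also worth a second look, since it is compiled out of release builds and the actual protection is the new "if (prototype) prototype->mark(engine);". The added prototypeChainGc() test covers only a two-level chain, "Object.create(Object.create({}))", with one collectGarbage() call and a final "QVERIFY(proto.isObject());". A deeper chain and a read of a property on the recovered prototype would exercise the recursion the fix depends on. Finally, the patch file keeps the git format-patch header but has no Debian patch metadata pointing at LP: #1304248 or the upstream status; adding those fields would help whoever rebases onto the next 5.2.x release.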
=== modified file 'debian/patches/series'
--- debian/patches/series 2014-04-03 08:34:03 +0000
+++ debian/patches/series 2014-04-08 08:51:51 +0000
@@ -19,3 +19,4 @@
V4-regalloc-fix-interval-splitting-when-register-pre.patch
0001-Call-tzset-from-getLocalTZA-so-we-learn-about-tz-cha.patch
Support-RFC2822Date-date-format-similar-to-V8.patch
+Fix-marking-of-prototype-objects-in-chain.patch