Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.14.0 Beta2
Affects Version/s: 5.12.4, 5.12.5, 5.13.1
Component/s: QML: Declarative and Javascript Engine
Labels:
- earmarked_by_ulf

Platform/s:

iOS/tvOS/watchOS, Linux/X11
Commits:
00ae3b2323e9b138b0b43f301ec9da9407c66600

Description

When I call a function with 14 parameters in QML I get a segfault in:

qv4stackframe_p.h line 190:

memset(jsFrame->args + argc, 0, (nRegisters - argc)*sizeof(Value));

nRegisters is 11 and argc is 14, so the third parameters yields -3*sizeof(Value) which is converted to size_t.

I guess the memset should only be done in case argc<nRegisters?

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

crash_test.zip
2 kB
14 Oct '19 05:48

Activity

People

Assignee:: Ulf Hermann

Reporter:: Christian Eltges

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18 Sep '19 06:26

Updated:: 21 Oct '19 23:53

Resolved:: 21 Oct '19 23:53