Context properties: Don't trigger an assert for numeric names

The logic in our IdentifierHash assumes that every entry is a
StringOrSymbol; however, IdentifierTable::asProperyKey will convert keys
that look like numbers to ArrayIndex instead.
This is noramlly what we want, and not an issue, except for
setContextPropery where the user can pass an arbitrary string that is
not necessarily a valid identifier. In an ideal world, we would just
disallow such identifiers, but for backward compatibility change the
code to handle this case (avoiding a Qt internal assert).
We only need to modify the QString overloads, as those are the only ones
that interact with unsanitized user input.
A later commit will modify setContextPropery to warn if the key is
numeric.

Fixes: QTBUG-115319
Change-Id: Ifc4e4d2bc99321836e6976c4cbd0c5ff687b430c
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit b2b90c7cf5cb5205f2c5b374f7332252205385e8)
Reviewed-by: Sami Shalayel <sami.shalayel@qt.io>

1 files changed, 16 insertions, 8 deletions

diff --git a/src/qml/jsruntime/qv4identifiertable.cpp b/src/qml/jsruntime/qv4identifiertable.cpp
index 8db00bd921..54ab77a31e 100644
--- a/src/qml/jsruntime/qv4identifiertable.cpp
+++ b/src/qml/jsruntime/qv4identifiertable.cpp
@@ -132,16 +132,23 @@ void IdentifierTable::addEntry(Heap::StringOrSymbol *str)
 
 
 
-Heap::String *IdentifierTable::insertString(const QString &s)
+Heap::String *IdentifierTable::insertString(
+        const QString &s, IdentifierTable::KeyConversionBehavior conversionBehavior)
 {
     uint subtype;
-    uint hash = String::createHashValue(s.constData(), s.length(), &subtype);
+
+    uint hash = String::createHashValue(s.constData(), s.size(), &subtype);
     if (subtype == Heap::String::StringType_ArrayIndex) {
-        Heap::String *str = engine->newString(s);
-        str->stringHash = hash;
-        str->subtype = subtype;
-        return str;
+        if (Q_UNLIKELY(conversionBehavior == ForceConversionToId)) {
+            hash = String::createHashValueDisallowingArrayIndex(s.constData(), s.size(), &subtype);
+        } else {
+            Heap::String *str = engine->newString(s);
+            str->stringHash = hash;
+            str->subtype = subtype;
+            return str;
+        }
     }
+
     uint idx = hash % alloc;
     while (Heap::StringOrSymbol *e = entriesByHash[idx]) {
         if (e->stringHash == hash && e->toQString() == s)
@@ -278,9 +285,10 @@ void IdentifierTable::sweep()
     size -= freed;
 }
 
-PropertyKey IdentifierTable::asPropertyKey(const QString &s)
+PropertyKey IdentifierTable::asPropertyKey(
+        const QString &s, IdentifierTable::KeyConversionBehavior conversionBehavior)
 {
-    return insertString(s)->identifier;
+    return insertString(s, conversionBehavior)->identifier;
 }
 
 PropertyKey IdentifierTable::asPropertyKey(const char *s, int len)