Fix occasional crashes

The accumulator needs to live on the JS stack when we call into
other functions, as the object in there could otherwise get
collected.

Change-Id: I67fc71af6032cf2468214986e678ee762bc4ebfd
Reviewed-by: Simon Hausmann <[email protected]>

1 files changed, 6 insertions, 7 deletions

diff --git a/src/qml/jsruntime/qv4vme_moth.cpp b/src/qml/jsruntime/qv4vme_moth.cpp
index 954b7d40a1..be79cac636 100644
--- a/src/qml/jsruntime/qv4vme_moth.cpp
+++ b/src/qml/jsruntime/qv4vme_moth.cpp
@@ -451,17 +451,16 @@ QV4::ReturnedValue VME::exec(Function *function)
     frame.v4Function = function;
     engine->currentStackFrame = &frame;
 
-    QV4::Value accumulator = Primitive::undefinedValue();
     QV4::Value *stack = nullptr;
     const uchar *exceptionHandler = 0;
 
     QV4::Scope scope(engine);
-    {
-        int nFormals = function->nFormals;
-        stack = scope.alloc(function->compiledFunction->nRegisters + nFormals + 1);
-        memcpy(stack, &engine->current->callData->thisObject, (nFormals + 1)*sizeof(Value));
-        stack += nFormals + 1;
-    }
+    int nFormals = function->nFormals;
+    stack = scope.alloc(function->compiledFunction->nRegisters + nFormals + 2);
+    QV4::Value &accumulator = *stack;
+    ++stack;
+    memcpy(stack, &engine->current->callData->thisObject, (nFormals + 1)*sizeof(Value));
+    stack += nFormals + 1;
 
     if (QV4::Debugging::Debugger *debugger = engine->debugger())
         debugger->enteringFunction();