v4: assert when an unsupported double value is stored in a value

we assume that just few NaN values can be generated by the HW
(currently 0x7ff800..00 and 0x7ffc00..00), and we use the other values
to encode js values.
If uninitialized memory is interpreted as double or another NaN is
explicitly constructed and feed to the interpreter, it might crash
(later when actually accessing that value).
Adding an assertion to catch those values when assertions are active
for the 32 bit encoding (64 bit already has it).

Task-number: QTBUG-36859
Change-Id: I7ac7b2619f286ba19066729836af718014a515a6
Reviewed-by: Johannes Matokic <[email protected]>
Reviewed-by: Simon Hausmann <[email protected]>
Reviewed-by: Lars Knoll <[email protected]>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/qml/jsruntime/qv4value_p.h b/src/qml/jsruntime/qv4value_p.h
index 2c780622dc..3f83d7b25e 100644
--- a/src/qml/jsruntime/qv4value_p.h
+++ b/src/qml/jsruntime/qv4value_p.h
@@ -241,8 +241,8 @@ struct Q_QML_PRIVATE_EXPORT Value
     static inline bool bothDouble(Value a, Value b) {
         return ((a.tag | b.tag) & NotDouble_Mask) != NotDouble_Mask;
     }
-    double doubleValue() const { return dbl; }
-    void setDouble(double d) { dbl = d; }
+    double doubleValue() const { Q_ASSERT(isDouble()); return dbl; }
+    void setDouble(double d) { dbl = d; Q_ASSERT(isDouble()); }
     bool isNaN() const { return (tag & QV4::Value::NotDouble_Mask) == QV4::Value::NaN_Mask; }
 #endif
     inline bool isString() const;