From c71448dc97778b48824f081749fe4c270a34446f Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@qt.io>
Date: Sat, 1 Sep 2018 20:23:36 +0200
Subject: Fix subclassing of ArrayBuffer and TypedArrays

Change-Id: I481974c224f7fdb4df6b641e8dd550add96b4c08
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/jsruntime/qv4arraybuffer.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/qml/jsruntime/qv4arraybuffer.cpp')

diff --git a/src/qml/jsruntime/qv4arraybuffer.cpp b/src/qml/jsruntime/qv4arraybuffer.cpp
index 9b5a983fdf..e74503e9d3 100644
--- a/src/qml/jsruntime/qv4arraybuffer.cpp
+++ b/src/qml/jsruntime/qv4arraybuffer.cpp
@@ -85,7 +85,7 @@ ReturnedValue SharedArrayBufferCtor::virtualCall(const FunctionObject *f, const
 }
 
 
-ReturnedValue ArrayBufferCtor::virtualCallAsConstructor(const FunctionObject *f, const Value *argv, int argc, const Value *)
+ReturnedValue ArrayBufferCtor::virtualCallAsConstructor(const FunctionObject *f, const Value *argv, int argc, const Value *newTarget)
 {
     ExecutionEngine *v4 = f->engine();
     Scope scope(v4);
@@ -99,6 +99,12 @@ ReturnedValue ArrayBufferCtor::virtualCallAsConstructor(const FunctionObject *f,
         return v4->throwRangeError(QLatin1String("ArrayBuffer constructor: invalid length"));
 
     Scoped<ArrayBuffer> a(scope, v4->newArrayBuffer(len));
+    if (newTarget->heapObject() != f->heapObject() && newTarget->isFunctionObject()) {
+        const FunctionObject *nt = static_cast<const FunctionObject *>(newTarget);
+        ScopedObject o(scope, nt->protoProperty());
+        if (o)
+            a->setPrototypeOf(o);
+    }
     if (scope.engine->hasException)
         return Encode::undefined();
 
-- 
cgit v1.2.3