Ensure our builtin constructors are subclassable

Respect the newTarget passed into those constructors and make
sure we set up the proto chain correctly.

Change-Id: I3d12c7dbef4b33660a6715d73e9fb0f89105167a
Fixes: QTBUG-71138
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>

1 files changed, 9 insertions, 2 deletions

diff --git a/src/qml/jsruntime/qv4functionobject.cpp b/src/qml/jsruntime/qv4functionobject.cpp
index 93cc55f8ad..dfe9d35194 100644
--- a/src/qml/jsruntime/qv4functionobject.cpp
+++ b/src/qml/jsruntime/qv4functionobject.cpp
@@ -276,7 +276,7 @@ QQmlRefPointer<CompiledData::CompilationUnit> FunctionCtor::parse(ExecutionEngin
     return cg.generateCompilationUnit();
 }
 
-ReturnedValue FunctionCtor::virtualCallAsConstructor(const FunctionObject *f, const Value *argv, int argc, const Value *)
+ReturnedValue FunctionCtor::virtualCallAsConstructor(const FunctionObject *f, const Value *argv, int argc, const Value *newTarget)
 {
     ExecutionEngine *engine = f->engine();
 
@@ -286,7 +286,14 @@ ReturnedValue FunctionCtor::virtualCallAsConstructor(const FunctionObject *f, co
 
     Function *vmf = compilationUnit->linkToEngine(engine);
     ExecutionContext *global = engine->scriptContext();
-    return Encode(FunctionObject::createScriptFunction(global, vmf));
+    ReturnedValue o = Encode(FunctionObject::createScriptFunction(global, vmf));
+
+    if (!newTarget)
+        return o;
+    Scope scope(engine);
+    ScopedObject obj(scope, o);
+    obj->setProtoFromNewTarget(newTarget);
+    return obj->asReturnedValue();
 }
 
 // 15.3.1: This is equivalent to new Function(...)