diff options
-rw-r--r-- | src/qml/util/qqmllistaccessor.cpp | 21 | ||||
-rw-r--r-- | src/quick/doc/src/concepts/modelviewsdata/modelview.qdoc | 1 | ||||
-rw-r--r-- | tests/auto/quick/qquickrepeater/tst_qquickrepeater.cpp | 6 |
3 files changed, 27 insertions, 1 deletions
diff --git a/src/qml/util/qqmllistaccessor.cpp b/src/qml/util/qqmllistaccessor.cpp index ad55519ad3..46a11e2bc2 100644 --- a/src/qml/util/qqmllistaccessor.cpp +++ b/src/qml/util/qqmllistaccessor.cpp @@ -81,7 +81,26 @@ void QQmlListAccessor::setList(const QVariant &v, QQmlEngine *engine) } else if (d.userType() == QMetaType::QVariantList) { m_type = VariantList; } else if (d.canConvert(QVariant::Int)) { - m_type = Integer; + // Here we have to check for an upper limit, because down the line code might (well, will) + // allocate memory depending on the number of elements. The upper limit cannot be INT_MAX: + // QVector<QPointer<QQuickItem>> something; + // something.resize(count()); + // (See e.g. QQuickRepeater::regenerate()) + // This will allocate data along the lines of: + // sizeof(QPointer<QQuickItem>) * count() + QVector::headerSize + // So, doing an approximate round-down-to-nice-number, we get: + const int upperLimit = 100 * 1000 * 1000; + + int i = v.toInt(); + if (i < 0) { + qWarning("Model size of %d is less than 0", i); + m_type = Invalid; + } else if (i > upperLimit) { + qWarning("Model size of %d is bigger than the upper limit %d", i, upperLimit); + m_type = Invalid; + } else { + m_type = Integer; + } } else if ((!enginePrivate && QQmlMetaType::isQObject(d.userType())) || (enginePrivate && enginePrivate->isQObject(d.userType()))) { QObject *data = enginePrivate?enginePrivate->toQObject(d):QQmlMetaType::toQObject(d); diff --git a/src/quick/doc/src/concepts/modelviewsdata/modelview.qdoc b/src/quick/doc/src/concepts/modelviewsdata/modelview.qdoc index 86beb38e6a..c2a0450daf 100644 --- a/src/quick/doc/src/concepts/modelviewsdata/modelview.qdoc +++ b/src/quick/doc/src/concepts/modelviewsdata/modelview.qdoc @@ -307,6 +307,7 @@ To visualize data, bind the view's \c model property to a model and the } \endqml + \note The limit on the number of items in an integer model is 100,000,000. \section2 Object Instances as Models diff --git a/tests/auto/quick/qquickrepeater/tst_qquickrepeater.cpp b/tests/auto/quick/qquickrepeater/tst_qquickrepeater.cpp index 0860956224..e4b427f6ec 100644 --- a/tests/auto/quick/qquickrepeater/tst_qquickrepeater.cpp +++ b/tests/auto/quick/qquickrepeater/tst_qquickrepeater.cpp @@ -133,6 +133,12 @@ void tst_QQuickRepeater::numberModel() QMetaObject::invokeMethod(window->rootObject(), "checkProperties"); QVERIFY(!testObject->error()); + ctxt->setContextProperty("testData", std::numeric_limits<int>::max()); + QCOMPARE(repeater->parentItem()->childItems().count(), 1); + + ctxt->setContextProperty("testData", -1234); + QCOMPARE(repeater->parentItem()->childItems().count(), 1); + delete testObject; delete window; } |