diff options
| author | Robert Loehning <robert.loehning@qt.io> | 2020-10-29 18:36:52 +0100 |
|---|---|---|
| committer | Robert Loehning <robert.loehning@qt.io> | 2020-11-09 21:06:48 +0000 |
| commit | d7574be45f69ecb297e92a932a634719fbedcace (patch) | |
| tree | 9b15068cb4f138ff26d605b42301c7a4f22b441d | |
| parent | ac60faa58e8f059e46161a3c7563f23831acc37e (diff) | |
Reduce memory reallocations in QTextTablePrivate::update()
This fixes oss-fuzz issue 21100.
Task-number: QTBUG-85139
Change-Id: I635c1fa9b16dd527e568ec1e98ea7cac73977020
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
(cherry picked from commit 07aa91221fb436d5c3fb8cbc72428b85714c576a)
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
| -rw-r--r-- | src/gui/text/qtexttable.cpp | 13 | ||||
| -rw-r--r-- | src/gui/text/qtexttable_p.h | 7 |
2 files changed, 6 insertions, 14 deletions
diff --git a/src/gui/text/qtexttable.cpp b/src/gui/text/qtexttable.cpp index 39f26d5d42..125b97a382 100644 --- a/src/gui/text/qtexttable.cpp +++ b/src/gui/text/qtexttable.cpp @@ -318,13 +318,6 @@ QTextFrame::iterator QTextTableCell::end() const Destroys the table cell. */ -QTextTablePrivate::~QTextTablePrivate() -{ - if (grid) - free(grid); -} - - QTextTable *QTextTablePrivate::createTable(QTextDocumentPrivate *pieceTable, int pos, int rows, int cols, const QTextTableFormat &tableFormat) { QTextTableFormat fmt = tableFormat; @@ -446,8 +439,7 @@ void QTextTablePrivate::update() const nRows = (cells.size() + nCols-1)/nCols; // qDebug(">>>> QTextTablePrivate::update, nRows=%d, nCols=%d", nRows, nCols); - grid = q_check_ptr((int *)realloc(grid, nRows*nCols*sizeof(int))); - memset(grid, 0, nRows*nCols*sizeof(int)); + grid.assign(nRows * nCols, 0); QTextDocumentPrivate *p = pieceTable; QTextFormatCollection *c = p->formatCollection(); @@ -470,8 +462,7 @@ void QTextTablePrivate::update() const cellIndices[i] = cell; if (r + rowspan > nRows) { - grid = q_check_ptr((int *)realloc(grid, sizeof(int)*(r + rowspan)*nCols)); - memset(grid + (nRows*nCols), 0, sizeof(int)*(r+rowspan-nRows)*nCols); + grid.resize((r + rowspan) * nCols, 0); nRows = r + rowspan; } diff --git a/src/gui/text/qtexttable_p.h b/src/gui/text/qtexttable_p.h index 5c05611009..784c8824ba 100644 --- a/src/gui/text/qtexttable_p.h +++ b/src/gui/text/qtexttable_p.h @@ -55,14 +55,15 @@ #include "private/qtextobject_p.h" #include "private/qtextdocument_p.h" +#include <vector> + QT_BEGIN_NAMESPACE class QTextTablePrivate : public QTextFramePrivate { Q_DECLARE_PUBLIC(QTextTable) public: - QTextTablePrivate(QTextDocument *document) : QTextFramePrivate(document), grid(nullptr), nRows(0), nCols(0), dirty(true), blockFragmentUpdates(false) {} - ~QTextTablePrivate(); + QTextTablePrivate(QTextDocument *document) : QTextFramePrivate(document), nRows(0), nCols(0), dirty(true), blockFragmentUpdates(false) {} static QTextTable *createTable(QTextDocumentPrivate *, int pos, int rows, int cols, const QTextTableFormat &tableFormat); void fragmentAdded(QChar type, uint fragment) override; @@ -76,7 +77,7 @@ public: // symmetric to cells array and maps to indecs in grid, // used for fast-lookup for row/column by fragment mutable QVector<int> cellIndices; - mutable int *grid; + mutable std::vector<int> grid; mutable int nRows; mutable int nCols; mutable bool dirty; |