diff options
authorMarc Mutz <>2021-06-25 23:54:05 +0200
committerQt Cherry-pick Bot <>2021-06-28 14:22:55 +0000
commit9d0bd169bbf950cca3705a8c855c82e236e928e8 (patch)
parentae71fb7fe99bc66b9ca2fafa28b016065ac3b14d (diff)
QVarLengthArray: fix aliasing error in insert(it, n, v)
Taking the copy after the resize is completely pointless: the copy is there to ensure that `t`, being a reference potentially aliasing an element in [begin(), end()[ before the resize(), isn't invalidated by the resize(), so it must be taken before resize(). Add a comment so the next rewrite doesn't cause this to be mixed up again. [ChangeLog][QtCore][QVarLengthArray] Fixed an aliasing bug affecting insertions of objects aliasing existing elements. Change-Id: I26bc449fa99bf8d09a19147a12a69ac4314cc61d Reviewed-by: Giuseppe D'Angelo <> (cherry picked from commit 6e57e41f9aef5ccfa122c10bc6253d47dafd93d2) Reviewed-by: Qt Cherry-pick Bot <>
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/tools/qvarlengtharray.h b/src/corelib/tools/qvarlengtharray.h
index 6a99602153..0cd811825c 100644
--- a/src/corelib/tools/qvarlengtharray.h
+++ b/src/corelib/tools/qvarlengtharray.h
@@ -633,8 +633,8 @@ Q_OUTOFLINE_TEMPLATE typename QVarLengthArray<T, Prealloc>::iterator QVarLengthA
qsizetype offset = qsizetype(before - ptr);
if (n != 0) {
+ const T copy(t); // `t` could alias an element in [begin(), end()[
resize(s + n);
- const T copy(t);
if (!QTypeInfo<T>::isRelocatable) {
T *b = ptr + offset;
T *j = ptr + s;