diff options
author | Liang Qi <liang.qi@qt.io> | 2016-05-12 07:31:50 +0200 |
---|---|---|
committer | Liang Qi <liang.qi@qt.io> | 2016-05-12 08:33:08 +0200 |
commit | 990969655c5fb4d03682e96df9b12101f5ee9815 (patch) | |
tree | b8fb5c50285105c8bc5a938fb50f93ff9f24889d /src/corelib/tools/qarraydata.cpp | |
parent | a213011a53f12f101d08a04afc8fdacd2d54a232 (diff) | |
parent | e64b2234e829cc47872225debcf80d6c06db18f0 (diff) |
Merge remote-tracking branch 'origin/5.7' into dev
Conflicts:
config_help.txt
configure
src/corelib/io/qprocess_wince.cpp
src/plugins/platforms/windows/qwindowstheme.cpp
src/plugins/platforms/xcb/qxcbbackingstore.cpp
tests/auto/corelib/tools/qtimezone/BLACKLIST
tests/auto/network/socket/qudpsocket/tst_qudpsocket.cpp
tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp
Change-Id: I26644d1cb3b78412c8ff285e2a55bea1bd641c01
Diffstat (limited to 'src/corelib/tools/qarraydata.cpp')
-rw-r--r-- | src/corelib/tools/qarraydata.cpp | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/corelib/tools/qarraydata.cpp b/src/corelib/tools/qarraydata.cpp index 21ad799e25..bf336a8f31 100644 --- a/src/corelib/tools/qarraydata.cpp +++ b/src/corelib/tools/qarraydata.cpp @@ -38,6 +38,7 @@ ****************************************************************************/ #include <QtCore/qarraydata.h> +#include <QtCore/private/qnumeric_p.h> #include <QtCore/private/qtools_p.h> #include <stdlib.h> @@ -93,16 +94,22 @@ QArrayData *QArrayData::allocate(size_t objectSize, size_t alignment, if (capacity > std::numeric_limits<size_t>::max() / objectSize) return 0; - size_t alloc = objectSize * capacity; + size_t alloc; + if (mul_overflow(objectSize, capacity, &alloc)) + return 0; - // Make sure qAllocMore won't overflow. + // Make sure qAllocMore won't overflow qAllocMore. if (headerSize > size_t(MaxAllocSize) || alloc > size_t(MaxAllocSize) - headerSize) return 0; capacity = qAllocMore(int(alloc), int(headerSize)) / int(objectSize); } - size_t allocSize = headerSize + objectSize * capacity; + size_t allocSize; + if (mul_overflow(objectSize, capacity, &allocSize)) + return 0; + if (add_overflow(allocSize, headerSize, &allocSize)) + return 0; QArrayData *header = static_cast<QArrayData *>(::malloc(allocSize)); if (header) { |