authorUlf Hermann <ulf.hermann@digia.com>2014-09-19 16:12:24 +0200
committerMarc Mutz <marc.mutz@kdab.com>2014-10-17 10:09:18 +0200
commit880986be2357a1f80827d038d770dc2f80300201 (patch)
tree734cf9684d0b7f1cca65fc3e036e30a108d582f6 /src/corelib/tools/qbytearray.cpp
parent9eb2b25300c21df2abd9b174c1077a377a42fcd1 (diff)
Check for integer overflows in places where qAllocMore is used
Task-number: QTBUG-41230 Change-Id: I5e932c2540c0bd67f13fab3ae20975d459f82c08 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Diffstat (limited to 'src/corelib/tools/qbytearray.cpp')
-rw-r--r--src/corelib/tools/qbytearray.cpp7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/corelib/tools/qbytearray.cpp b/src/corelib/tools/qbytearray.cpp
index a069e441df..f57bcdb424 100644
--- a/src/corelib/tools/qbytearray.cpp
+++ b/src/corelib/tools/qbytearray.cpp
@@ -123,7 +123,7 @@ int qFindByteArray(
int qAllocMore(int alloc, int extra) Q_DECL_NOTHROW
{
Q_ASSERT(alloc >= 0 && extra >= 0);
- Q_ASSERT_X(alloc < (1 << 30) - extra, "qAllocMore", "Requested size is too large!");
+ Q_ASSERT_X(alloc <= MaxAllocSize - extra, "qAllocMore", "Requested size is too large!");
unsigned nalloc = qNextPowerOfTwo(alloc + extra);
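Review bot: The new bound in qAllocMore is still only a `Q_ASSERT_X`, which is compiled out when `QT_NO_DEBUG` is defined, so in release builds nothing here stops `alloc + extra` from overflowing a signed int before `qNextPowerOfTwo` sees it. Because the function is declared `Q_DECL_NOTHROW`, it cannot report the failure itself, and the guard therefore rests on every caller. I would record that contract above the function, e.g. `// Precondition (asserted in debug builds only): alloc <= MaxAllocSize - extra; callers must check before calling.` The function body continues past the end of this hunk.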
@@ -1545,8 +1545,11 @@ void QByteArray::reallocData(uint alloc, Data::AllocationOptions options)
Data::deallocate(d);
d = x;
} else {
- if (options & Data::Grow)
+ if (options & Data::Grow) {
+ if (alloc > uint(MaxAllocSize) - uint(sizeof(Data)))
+ qBadAlloc();
alloc = qAllocMore(alloc, sizeof(Data));
+ }
Data *x = static_cast<Data *>(::realloc(d, sizeof(Data) + alloc));
Q_CHECK_PTR(x);
x->alloc = alloc;
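Review bot: The added `MaxAllocSize` check sits inside the `options & Data::Grow` branch, so a call without Grow still reaches `::realloc(d, sizeof(Data) + alloc)` with an unchecked `alloc`. Where `size_t` is 32 bits that sum can wrap for a very large `alloc`, which would leave a buffer smaller than the value then stored in `x->alloc`; whether any caller can pass such a value without Grow is not visible here. Hoisting the two lines `if (alloc > uint(MaxAllocSize) - uint(sizeof(Data)))` and `qBadAlloc();` above `if (options & Data::Grow)` would cover both paths. The first branch of the function, which ends at `d = x;`, starts outside this hunk, so I cannot tell whether it is bounded the same way.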