Fix QString and QByteArray reserve() and squeeze()

These functions should not take care not to unconditionally set the
capacityReserved private member, since the d may be referencing the
const shared_null or shared_empty which live in read-only memory.

The squeeze() methods check for ref > 1 instead of ref != 1 to prevent
detaching from the shared_null/shared_empty unnecessarily; the
shared_null/shared_empty ref count is -1, meaning squeeze() will never
detach from it.

Change-Id: Id3f1725a6f08b3a462343640a47bbe78f08ca7e7
Rubberstamped-by: Lars Knoll
Reviewed-on: http://codereview.qt-project.org/5454
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>

1 files changed, 18 insertions, 2 deletions

diff --git a/src/corelib/tools/qbytearray.h b/src/corelib/tools/qbytearray.h
index 3bb26ba21e..3ebeb3c340 100644
--- a/src/corelib/tools/qbytearray.h
+++ b/src/corelib/tools/qbytearray.h
@@ -439,10 +439,26 @@ inline int QByteArray::capacity() const
 { return d->alloc; }
 
 inline void QByteArray::reserve(int asize)
-{ if (d->ref != 1 || asize > int(d->alloc)) realloc(asize); d->capacityReserved = true; }
+{
+    if (d->ref != 1 || asize > int(d->alloc))
+        realloc(asize);
+
+    if (!d->capacityReserved) {
+        // cannot set unconditionally, since d could be the shared_null/shared_empty (which is const)
+        d->capacityReserved = true;
+    }
+}
 
 inline void QByteArray::squeeze()
-{ if (d->ref != 1 || d->size < int(d->alloc)) realloc(d->size); d->capacityReserved = false; }
+{
+    if (d->ref > 1 || d->size < int(d->alloc))
+        realloc(d->size);
+
+    if (d->capacityReserved) {
+        // cannot set unconditionally, since d could be the shared_null/shared_empty (which is const)
+        d->capacityReserved = false;
+    }
+}
 
 class Q_CORE_EXPORT QByteRef {
     QByteArray &a;