diff options
author | Ulf Hermann <ulf.hermann@digia.com> | 2014-09-19 16:12:24 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2014-10-17 10:09:18 +0200 |
commit | 880986be2357a1f80827d038d770dc2f80300201 (patch) | |
tree | 734cf9684d0b7f1cca65fc3e036e30a108d582f6 /src/corelib/tools/qlist.cpp | |
parent | 9eb2b25300c21df2abd9b174c1077a377a42fcd1 (diff) |
Check for integer overflows in places where qAllocMore is used
Task-number: QTBUG-41230
Change-Id: I5e932c2540c0bd67f13fab3ae20975d459f82c08
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Diffstat (limited to 'src/corelib/tools/qlist.cpp')
-rw-r--r-- | src/corelib/tools/qlist.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/corelib/tools/qlist.cpp b/src/corelib/tools/qlist.cpp index 8e2bed7a7c..f32cd78801 100644 --- a/src/corelib/tools/qlist.cpp +++ b/src/corelib/tools/qlist.cpp @@ -55,6 +55,8 @@ const QListData::Data QListData::shared_null = { Q_REFCOUNT_INITIALIZE_STATIC, 0 static int grow(int size) { + if (size_t(size) > (MaxAllocSize - QListData::DataHeaderSize) / sizeof(void *)) + qBadAlloc(); // dear compiler: don't optimize me out. volatile int x = qAllocMore(size * sizeof(void *), QListData::DataHeaderSize) / sizeof(void *); return x; |