Check for integer overflows in places where qAllocMore is used

Task-number: QTBUG-41230 Change-Id: I5e932c2540c0bd67f13fab3ae20975d459f82c08 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
author: Ulf Hermann <ulf.hermann@digia.com> 2014-09-19 16:12:24 +0200
committer: Marc Mutz <marc.mutz@kdab.com> 2014-10-17 10:09:18 +0200
commit: 880986be2357a1f80827d038d770dc2f80300201 (patch)
tree: 734cf9684d0b7f1cca65fc3e036e30a108d582f6 /src/corelib/tools/qlist.cpp
parent: 9eb2b25300c21df2abd9b174c1077a377a42fcd1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/corelib/tools/qlist.cpp b/src/corelib/tools/qlist.cpp
index 8e2bed7a7c..f32cd78801 100644
--- a/src/corelib/tools/qlist.cpp
+++ b/src/corelib/tools/qlist.cpp
@@ -55,6 +55,8 @@ const QListData::Data QListData::shared_null = { Q_REFCOUNT_INITIALIZE_STATIC, 0
 
 static int grow(int size)
 {
+    if (size_t(size) > (MaxAllocSize - QListData::DataHeaderSize) / sizeof(void *))
+        qBadAlloc();
     // dear compiler: don't optimize me out.
     volatile int x = qAllocMore(size * sizeof(void *), QListData::DataHeaderSize) / sizeof(void *);
     return x;
author	Ulf Hermann <ulf.hermann@digia.com>	2014-09-19 16:12:24 +0200
committer	Marc Mutz <marc.mutz@kdab.com>	2014-10-17 10:09:18 +0200
commit	880986be2357a1f80827d038d770dc2f80300201 (patch)
tree	734cf9684d0b7f1cca65fc3e036e30a108d582f6 /src/corelib/tools/qlist.cpp
parent	9eb2b25300c21df2abd9b174c1077a377a42fcd1 (diff)