author | Ulf Hermann <ulf.hermann@digia.com> | 2014-09-19 16:12:24 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2014-10-17 10:09:18 +0200 |
commit | 880986be2357a1f80827d038d770dc2f80300201 (patch) | |
tree | 734cf9684d0b7f1cca65fc3e036e30a108d582f6 /src/corelib/tools/qstring.cpp | |
parent | 9eb2b25300c21df2abd9b174c1077a377a42fcd1 (diff) |
Check for integer overflows in places where qAllocMore is used
Task-number: QTBUG-41230
Change-Id: I5e932c2540c0bd67f13fab3ae20975d459f82c08
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Diffstat (limited to 'src/corelib/tools/qstring.cpp')
-rw-r--r-- | src/corelib/tools/qstring.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/corelib/tools/qstring.cpp b/src/corelib/tools/qstring.cpp
index 95e45c8d93..7de7d74595 100644
--- a/src/corelib/tools/qstring.cpp
+++ b/src/corelib/tools/qstring.cpp
@@ -1684,8 +1684,11 @@ void QString::resize(int size)
 void QString::reallocData(uint alloc, bool grow)
 {
- if (grow)
+ if (grow) {
+ if (alloc > (uint(MaxAllocSize) - sizeof(Data)) / sizeof(QChar))
+ qBadAlloc();
 alloc = qAllocMore(alloc * sizeof(QChar), sizeof(Data)) / sizeof(QChar);
+ }
 if (d->ref.isShared() || IS_RAW_DATA(d)) {
 Data::AllocationOptions allocOptions(d->capacityReserved ? Data::CapacityReserved : 0); |
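Review bot: The new bound check sits inside `if (grow)`, so a call with `grow == false` still carries an unchecked `alloc` into the allocation code that follows. That code lies mostly outside this hunk, so whether it multiplies `alloc` by `sizeof(QChar)` again cannot be confirmed from here. If it does, the same wrap-around is possible on that path, and the guard would be safer hoisted above the branch: `if (alloc > (uint(MaxAllocSize) - sizeof(Data)) / sizeof(QChar)) qBadAlloc();` followed by the original `if (grow)`. A one-line comment such as `// reject sizes where alloc * sizeof(QChar) + sizeof(Data) would exceed MaxAllocSize` would also make the intent of the division clear to later readers.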