author | Volker Krause <volker.krause@kdab.com> | 2014-01-17 13:28:37 +0100 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-01-18 11:16:40 +0100 |
commit | ec77f93b389d0a69af54f278a8bf7c4919fd696c (patch) | |
tree | d0319b220c4e1da71cbad7d57fc0508db5ad5756 /src/corelib/tools/qvector.h | |
parent | eae8abbc188db559bb1509dbcab6807252edc32e (diff) |
Fix crash when constructing a QVector with an empty initializer list.
Data::allocate(0) returns a pointer to read-only memory, so updating d->size
will segfault. The safety check for this exists in all other QVector ctors
already.
Change-Id: Ida0fe4182de56ee62c7f91e8652cfafbfd7b8410
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/tools/qvector.h')
-rw-r--r-- | src/corelib/tools/qvector.h | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/corelib/tools/qvector.h b/src/corelib/tools/qvector.h
index f56511edbf..505e1a32e4 100644
--- a/src/corelib/tools/qvector.h
+++ b/src/corelib/tools/qvector.h
@@ -438,11 +438,15 @@ QVector<T>::QVector(int asize, const T &t)
 template <typename T>
 QVector<T>::QVector(std::initializer_list<T> args)
 {
- d = Data::allocate(args.size());
- // std::initializer_list<T>::iterator is guaranteed to be
- // const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
- copyConstruct(args.begin(), args.end(), d->begin());
- d->size = int(args.size());
+ if (args.size() > 0) {
+ d = Data::allocate(args.size());
+ // std::initializer_list<T>::iterator is guaranteed to be
+ // const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
+ copyConstruct(args.begin(), args.end(), d->begin());
+ d->size = int(args.size());
+ } else {
+ d = Data::sharedNull();
+ }
 }
 #endif
|
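Review bot: In the new non-empty branch the pointer returned by `Data::allocate(args.size())` is handed straight to `copyConstruct` and then written through `d->size`, with no check that the allocation succeeded. Whether `allocate` can return null on failure is not visible in this hunk; if it can, add `Q_CHECK_PTR(d);` on the line after the allocation so an out-of-memory condition stops there instead of becoming a write through a null pointer. The guard also deserves a short comment explaining why the empty case is special, for example `// Data::allocate(0) yields the shared read-only header; never write d->size on it`, so a later cleanup does not fold the branch away again. A regression test that constructs a QVector from an empty `std::initializer_list<T>` would pin the fix; none is visible in this file-limited view.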