Fix crash when constructing a QVector with an empty initializer list.

Data::allocate(0) returns a pointer to read-only memory, updating d->size
will segfault. The safety check for this exists in all other QVector ctors
already.

Change-Id: Ida0fe4182de56ee62c7f91e8652cfafbfd7b8410
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

1 files changed, 9 insertions, 5 deletions

diff --git a/src/corelib/tools/qvector.h b/src/corelib/tools/qvector.h
index f56511edbf..505e1a32e4 100644
--- a/src/corelib/tools/qvector.h
+++ b/src/corelib/tools/qvector.h
@@ -438,11 +438,15 @@ QVector<T>::QVector(int asize, const T &t)
 template <typename T>
 QVector<T>::QVector(std::initializer_list<T> args)
 {
-    d = Data::allocate(args.size());
-    // std::initializer_list<T>::iterator is guaranteed to be
-    // const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
-    copyConstruct(args.begin(), args.end(), d->begin());
-    d->size = int(args.size());
+    if (args.size() > 0) {
+        d = Data::allocate(args.size());
+        // std::initializer_list<T>::iterator is guaranteed to be
+        // const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
+        copyConstruct(args.begin(), args.end(), d->begin());
+        d->size = int(args.size());
+    } else {
+        d = Data::sharedNull();
+    }
 }
 #endif