Remove potential out of bounds accesses to QList

Change-Id: I13431e45ef329921a8846c38047f704a299a1a94
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@qt.io>

2 files changed, 7 insertions, 2 deletions

diff --git a/src/corelib/animation/qanimationgroup.cpp b/src/corelib/animation/qanimationgroup.cpp
index ed40817222..69e2cfc9bc 100644
--- a/src/corelib/animation/qanimationgroup.cpp
+++ b/src/corelib/animation/qanimationgroup.cpp
@@ -195,8 +195,11 @@ void QAnimationGroup::insertAnimation(int index, QAbstractAnimation *animation)
         return;
     }
 
-    if (QAnimationGroup *oldGroup = animation->group())
+    if (QAnimationGroup *oldGroup = animation->group()) {
         oldGroup->removeAnimation(animation);
+        // ensure we don't insert out of bounds if oldGroup == this
+        index = qMin(index, d->animations.size());
+    }
 
     d->animations.insert(index, animation);
     QAbstractAnimationPrivate::get(animation)->group = this;
diff --git a/src/corelib/kernel/qobject.cpp b/src/corelib/kernel/qobject.cpp
index cf107498dd..fb0d54c801 100644
--- a/src/corelib/kernel/qobject.cpp
+++ b/src/corelib/kernel/qobject.cpp
@@ -2157,7 +2157,9 @@ void QObjectPrivate::setParent_helper(QObject *o)
             // cleared our entry in parentD->children.
         } else {
             const int index = parentD->children.indexOf(q);
-            if (parentD->isDeletingChildren) {
+            if (index < 0) {
+                // we're probably recursing into setParent() from a ChildRemoved event, don't do anything
+            } else if (parentD->isDeletingChildren) {
                 parentD->children[index] = 0;
             } else {
                 parentD->children.removeAt(index);