author | Thiago Macieira <thiago.macieira@intel.com> | 2013-08-28 18:16:44 -0700 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-08-31 23:02:54 +0200 |
commit | 873ae53d47b34e51c0e44303499fad23737f9e5b (patch) | |
tree | 0c2e29856a9d4c9085a51d33cfb8061dbc042728 /src/corelib | |
parent | b4de54fcefecbc3edb1ce747579f53243943f4cf (diff) |

Fix corner-case counting of bits in QBitArray::count(bool)

This actually looks very wrong. First, it would try to read bits for
len == 0, which means it was actually reading the implicit NUL from
QByteArray (so valgrind would never catch the error).

Second, there was a corner case for testing the 8th bit (bit 7) in the
last byte. For len == 8 or 16 at the beginning of the last loop, it
would read bits[len / 8], which is again the implicit NUL from
QByteArray.

Compare to testBit (simplified):

    return d.constData()[1+(i>>3)] & (1 << (i & 7)) != 0;

Task-number: QTBUG-11625
Change-Id: Idb361163de596b629cab42f2367ddd09456c2a98
Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
Reviewed-by: Kurt Pattyn <pattyn.kurt@gmail.com>

Diffstat (limited to 'src/corelib')
-rw-r--r-- | src/corelib/tools/qbitarray.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/corelib/tools/qbitarray.cpp b/src/corelib/tools/qbitarray.cpp index 54c1ff8843..e432322aeb 100644 --- a/src/corelib/tools/qbitarray.cpp +++ b/src/corelib/tools/qbitarray.cpp @@ -174,10 +174,10 @@ int QBitArray::count(bool on) const bits += 3; numBits += int(qPopulationCount(v)); } - while (len >= 0) { - if (bits[len / 8] & (1 << ((len - 1) & 7))) - ++numBits; + while (len > 0) { --len; + if (bits[len / 8] & (1 << (len & 7))) + ++numBits; } #endif return on ? numBits : size() - numBits; |
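
Review bot: the rewritten tail loop (`while (len > 0) { --len; ...`) comes with no test in the diffstat shown here, which is limited to src/corelib and lists only qbitarray.cpp. The cases the commit message names (len == 0, and len == 8 or 16 on entry to the last loop) should be pinned down in a count(true)/count(false) test so the off-by-one cannot come back unnoticed. The old code read QByteArray's implicit NUL, so memory checkers stayed silent, and a test that compares count() against a per-bit testBit() tally for sizes around byte boundaries is the only thing that would flag a regression. It would also help to add a one-line comment above `--len;` saying that the decrement must precede the index. With `len > 0` and the decrement first, `bits[len / 8]` can reach at most the byte holding the last valid bit and `1 << (len & 7)` matches the testBit layout; moving `--len;` back below the `if` restores the out-of-range read.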