author | Mitch Curtis <mitch.curtis@digia.com> | 2013-05-30 14:51:18 +0200 |
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-06-05 10:46:51 +0200 |
commit | 9aa24645eb09be9e1d05060b2d976327726cb747 (patch) | |
tree | 2e692b3b006240a554425f310d00324f894a5241 /src/corelib | |
parent | f36374727e5445cdab489a27605c35d1c4515317 (diff) |
Prevent negative size in QBitArray, QVector and QVarLengthArray ctors.
As shown in QTBUG-24345, QBitArray will exhibit invalid reads when
initialised with a negative size and run under valgrind.
QVector and QVarLengthArray both cause a crash if initialised with a
negative size.
This patch enforces sizes greater than or equal to 0 with asserts and
existing if statements, and hence imposes no performance penalty for
release builds.
Task-number: QTBUG-24345
Task-number: QTBUG-30037
Change-Id: I9a969f6016e0a59904a60bbfe9e5360e6f523b87
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib')
-rw-r--r-- | src/corelib/tools/qbitarray.cpp | 3 | ||||
-rw-r--r-- | src/corelib/tools/qvarlengtharray.h | 2 | ||||
-rw-r--r-- | src/corelib/tools/qvector.h | 6 |
3 files changed, 8 insertions, 3 deletions
diff --git a/src/corelib/tools/qbitarray.cpp b/src/corelib/tools/qbitarray.cpp
index 2b459b2b1b..b04c4f9c3d 100644
--- a/src/corelib/tools/qbitarray.cpp
+++ b/src/corelib/tools/qbitarray.cpp
@@ -122,7 +122,8 @@ QT_BEGIN_NAMESPACE
 */
 QBitArray::QBitArray(int size, bool value)
 {
-    if (!size) {
+    Q_ASSERT_X(size >= 0, "QBitArray::QBitArray", "Size must be greater than or equal to 0.");
+    if (size <= 0) {
         d.resize(0);
         return;
     }
diff --git a/src/corelib/tools/qvarlengtharray.h b/src/corelib/tools/qvarlengtharray.h
index 3a2028057d..825e05ae1b 100644
--- a/src/corelib/tools/qvarlengtharray.h
+++ b/src/corelib/tools/qvarlengtharray.h
@@ -197,6 +197,8 @@ private:
 template <class T, int Prealloc>
 Q_INLINE_TEMPLATE QVarLengthArray<T, Prealloc>::QVarLengthArray(int asize)
     : s(asize) {
+    Q_STATIC_ASSERT_X(Prealloc > 0, "QVarLengthArray Prealloc must be greater than 0.");
+    Q_ASSERT_X(s >= 0, "QVarLengthArray::QVarLengthArray()", "Size must be greater than or equal to 0.");
     if (s > Prealloc) {
         ptr = reinterpret_cast<T *>(malloc(s * sizeof(T)));
         Q_CHECK_PTR(ptr);
diff --git a/src/corelib/tools/qvector.h b/src/corelib/tools/qvector.h
index 816e1f15f6..489ee821b9 100644
--- a/src/corelib/tools/qvector.h
+++ b/src/corelib/tools/qvector.h
@@ -398,7 +398,8 @@ QVector<T> &QVector<T>::operator=(const QVector<T> &v)
 template <typename T>
 QVector<T>::QVector(int asize)
 {
-    if (Q_LIKELY(asize)) {
+    Q_ASSERT_X(asize >= 0, "QVector::QVector", "Size must be greater than or equal to 0.");
+    if (Q_LIKELY(asize > 0)) {
         d = Data::allocate(asize);
         d->size = asize;
         defaultConstruct(d->begin(), d->end());
@@ -410,7 +411,8 @@ QVector<T>::QVector(int asize)
 template <typename T>
 QVector<T>::QVector(int asize, const T &t)
 {
-    if (asize) {
+    Q_ASSERT_X(asize >= 0, "QVector::QVector", "Size must be greater than or equal to 0.");
+    if (asize > 0) {
         d = Data::allocate(asize);
         d->size = asize;
         T* i = d->end(); |
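Review bot: The constructor's doc comment, which ends at the `*/` context line just above `QBitArray::QBitArray(int size, bool value)`, should state the precondition the new `Q_ASSERT_X` introduces and what a release build does instead, because `if (size <= 0)` now silently yields an empty array where a debug build aborts. A sentence such as `\a size must be greater than or equal to 0; in release builds a negative size produces an empty array.` would make the two behaviours visible to callers. The remainder of the constructor body lies below the hunk.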
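Review bot: In release builds a negative size survives here, unlike in the QBitArray and QVector hunks: `Q_ASSERT_X(s >= 0, ...)` compiles out, `if (s > Prealloc)` is false for a negative `s`, and the object is left with a negative `s` while `ptr` presumably points at the preallocated storage (the else branch is outside the hunk). That does not match the commit message's claim that the existing if statements enforce the bound; clamping in the initializer, `: s(asize < 0 ? 0 : asize) {`, would bring this class in line with the other two. The `Q_STATIC_ASSERT_X(Prealloc > 0, ...)` is also only checked when this particular constructor is instantiated, so a class-scope placement would cover the other constructors as well. The constructor body continues past the end of the hunk.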
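Review bot: Both `Q_ASSERT_X` calls in this file, here and in the `QVector(int asize, const T &t)` hunk below, pass the same where-string `"QVector::QVector"`, so an assertion failure cannot be attributed to either overload, and the form also differs from the `"QVarLengthArray::QVarLengthArray()"` used in the previous file. Using `"QVector::QVector(int)"` and `"QVector::QVector(int, const T &)"` would make the failing location unambiguous and the three files consistent. Both constructor bodies continue outside their hunks.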