diff options
author | Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> | 2019-08-07 15:25:49 +0200 |
---|---|---|
committer | Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> | 2019-08-08 07:07:20 +0200 |
commit | 79e0effead13f60676bb5170fe92615d981827e7 (patch) | |
tree | 3f221d9ad5ddc0f347db9c6fd471623ad1026cbc /src/gui/text/qtextdocument_p.cpp | |
parent | 1880fba971ed8ae8e813829ff3668132371e88a7 (diff) |
Fix crash in QTextDocument::clearUndoRedoStacks()
When calling QTextDocument::clearUndoRedoStacks() with UndoStack,
there were two bugs: The first was that we were retrieving
the item at "undoState" and deleting this. This is actually the
upper limit of the for loop. If the stack does not contain any
redos, then it would be == undoStack.size() and we would assert.
If there were redos, then we would delete the item at undoState
multiple times (actually undoState times).
In addition, when the loop exited, we first removed the dangling
pointers using remove() and then there was a weird resize() to
the new size minus the old undoState.
This would either assert because we tried to resize to a negative
number, or it would arbitrarily remove items from the stack.
[ChangeLog][QtGui][Text] Fixed a crash bug in
QTextDocument::clearUndoRedoStacks(QTextDocument::UndoStack).
Task-number: QTBUG-69546
Change-Id: I8a93e828ec27970763a2756071fa0b01678d2dcd
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
Diffstat (limited to 'src/gui/text/qtextdocument_p.cpp')
-rw-r--r-- | src/gui/text/qtextdocument_p.cpp | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/gui/text/qtextdocument_p.cpp b/src/gui/text/qtextdocument_p.cpp index 66e038122c..059e665d12 100644 --- a/src/gui/text/qtextdocument_p.cpp +++ b/src/gui/text/qtextdocument_p.cpp @@ -1103,12 +1103,11 @@ void QTextDocumentPrivate::clearUndoRedoStacks(QTextDocument::Stacks stacksToCle bool redoCommandsAvailable = undoState != undoStack.size(); if (stacksToClear == QTextDocument::UndoStack && undoCommandsAvailable) { for (int i = 0; i < undoState; ++i) { - QTextUndoCommand c = undoStack.at(undoState); + QTextUndoCommand c = undoStack.at(i); if (c.command & QTextUndoCommand::Custom) delete c.custom; } undoStack.remove(0, undoState); - undoStack.resize(undoStack.size() - undoState); undoState = 0; if (emitSignals) emitUndoAvailable(false); |