Check for integer overflows in places where qAllocMore is used

Task-number: QTBUG-41230 Change-Id: Ic2167364e326092482657f2d2b4ab6ad3e5af631 (partially cherry-picked from 880986be2357a1f80827d038d770dc2f80300201) Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
author: Mikhail Lappo <mikhail.lappo@lge.com> 2015-06-03 10:09:42 +0300
committer: Mikhail Lappo <mikhail.lappo@lge.com> 2015-06-19 15:18:15 +0000
commit: d82d5b1c43b270ef6f4f0d90ce5d7d96ea0b7a97 (patch)
tree: 9ec8ff51d24ee7d7637eaff92b9c947042fb6378 /src/gui
parent: 34014406baaeac3e9d49d5654ef57ac6540a17a8 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gui/text/qfragmentmap_p.h b/src/gui/text/qfragmentmap_p.h
index 012d3c25ce..a19e3d9ea3 100644
--- a/src/gui/text/qfragmentmap_p.h
+++ b/src/gui/text/qfragmentmap_p.h
@@ -249,6 +249,8 @@ uint QFragmentMapData<Fragment>::createFragment()
     uint freePos = head->freelist;
     if (freePos == head->allocated) {
         // need to create some free space
+        if (freePos >= uint(MaxAllocSize) / fragmentSize)
+            qBadAlloc();
         uint needed = qAllocMore((freePos+1)*fragmentSize, 0);
         Q_ASSERT(needed/fragmentSize > head->allocated);
         Fragment *newFragments = (Fragment *)realloc(fragments, needed);
author	Mikhail Lappo <mikhail.lappo@lge.com>	2015-06-03 10:09:42 +0300
committer	Mikhail Lappo <mikhail.lappo@lge.com>	2015-06-19 15:18:15 +0000
commit	d82d5b1c43b270ef6f4f0d90ce5d7d96ea0b7a97 (patch)
tree	9ec8ff51d24ee7d7637eaff92b9c947042fb6378 /src/gui
parent	34014406baaeac3e9d49d5654ef57ac6540a17a8 (diff)