2 files changed, 5 insertions, 0 deletions

diff --git a/src/corelib/tools/qarraydata.cpp b/src/corelib/tools/qarraydata.cpp
index 5feb1ac8f6..8ca315024d 100644
--- a/src/corelib/tools/qarraydata.cpp
+++ b/src/corelib/tools/qarraydata.cpp
@@ -235,6 +235,9 @@ QArrayData::reallocateUnaligned(QArrayData *data, void *dataPointer,
 
     const qsizetype headerSize = sizeof(QArrayData);
     qsizetype allocSize = calculateBlockSize(capacity, objectSize, headerSize, option);
+    if (Q_UNLIKELY(allocSize < 0))
+        return qMakePair<QArrayData *, void *>(nullptr, nullptr);
+
     const qptrdiff offset = dataPointer
             ? reinterpret_cast<char *>(dataPointer) - reinterpret_cast<char *>(data)
             : headerSize;
diff --git a/src/corelib/tools/qarraydataops.h b/src/corelib/tools/qarraydataops.h
index cf054a089f..0c7703c588 100644
--- a/src/corelib/tools/qarraydataops.h
+++ b/src/corelib/tools/qarraydataops.h
@@ -286,6 +286,7 @@ public:
     void reallocate(qsizetype alloc, QArrayData::AllocationOption option)
     {
         auto pair = Data::reallocateUnaligned(this->d, this->ptr, alloc, option);
+        Q_CHECK_PTR(pair.second);
         Q_ASSERT(pair.first != nullptr);
         this->d = pair.first;
         this->ptr = pair.second;
@@ -849,6 +850,7 @@ public:
     void reallocate(qsizetype alloc, QArrayData::AllocationOption option)
     {
         auto pair = Data::reallocateUnaligned(this->d, this->ptr, alloc, option);
+        Q_CHECK_PTR(pair.second);
         Q_ASSERT(pair.first != nullptr);
         this->d = pair.first;
         this->ptr = pair.second;