From c803af51677c31ec7010f5c481ad59272694f138 Mon Sep 17 00:00:00 2001
From: Joerg Bornemann <joerg.bornemann@digia.com>
Date: Wed, 22 Oct 2014 18:06:36 +0200
Subject: fix crash when dropping a file into an empty QTextEdit

Since commit be0bfe09ee4b99e9ab45c6898949b5d144e77a29 we return -1 in
QTextEngine::findItem if the item cannot be found.
Calling code must be prepared for this case.
Otherwise we run into an out-of-bounds vector access later on.

Task-number: QTBUG-42103
Change-Id: Ie338cd1fc3cf0ce1e8edfa59dead635669020a33
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
---
 src/gui/text/qtextlayout.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index adc5663299..911d1b8bc7 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -2559,6 +2559,10 @@ qreal QTextLine::cursorToX(int *cursorPos, Edge edge) const
     }
     else
         itm = eng->findItem(pos);
+    if (itm < 0) {
+        *cursorPos = 0;
+        return x.toReal();
+    }
     eng->shapeLine(line);
 
     const QScriptItem *si = &eng->layoutData->items[itm];
-- 
cgit v1.2.3