From 6abfc992b9d70837d42fcef3f2e2637464063899 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Abecasis?= <joao.abecasis@nokia.com>
Date: Wed, 4 Apr 2012 15:00:41 +0200
Subject: Make reallocData() take (unsigned) size, including null

The parameter represents an allocation size and unsigned matches the
Q*Data::alloc member it ultimately represents (even if they currently
differ in accounting for the null).

There's still work up for grabs to ensure we avoid integer overflows
when growing.

Change-Id: Ib092fec37ec2ceed37bebfdc52e2de27b336328f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/tools/qbytearray.cpp | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

(limited to 'src/corelib/tools/qbytearray.cpp')

diff --git a/src/corelib/tools/qbytearray.cpp b/src/corelib/tools/qbytearray.cpp
index 32834ebd7e..43f666e075 100644
--- a/src/corelib/tools/qbytearray.cpp
+++ b/src/corelib/tools/qbytearray.cpp
@@ -919,7 +919,7 @@ QByteArray &QByteArray::operator=(const char *str)
     } else {
         int len = strlen(str);
         if (d->ref.isShared() || len > int(d->alloc) || (len < d->size && len < int(d->alloc) >> 1))
-            reallocData(len);
+            reallocData(uint(len) + 1u);
         x = d;
         memcpy(x->data(), str, len + 1); // include null terminator
         x->size = len;
@@ -1432,7 +1432,7 @@ void QByteArray::resize(int size)
     } else {
         if (d->ref.isShared() || size > int(d->alloc)
             || (!d->capacityReserved && size < d->size && size < int(d->alloc) >> 1))
-            reallocData(size, true);
+            reallocData(uint(size) + 1u, true);
         if (d->alloc) {
             d->size = size;
             d->data()[size] = '\0';
@@ -1459,17 +1459,17 @@ QByteArray &QByteArray::fill(char ch, int size)
     return *this;
 }
 
-void QByteArray::reallocData(int alloc, bool grow)
+void QByteArray::reallocData(uint alloc, bool grow)
 {
     if (grow)
-        alloc = qAllocMore(alloc + 1, sizeof(Data)) - 1;
+        alloc = qAllocMore(alloc, sizeof(Data));
 
     if (d->ref.isShared() || IS_RAW_DATA(d)) {
-        Data *x = static_cast<Data *>(malloc(sizeof(Data) + alloc + 1));
+        Data *x = static_cast<Data *>(malloc(sizeof(Data) + alloc));
         Q_CHECK_PTR(x);
         x->ref.initializeOwned();
-        x->size = qMin(alloc, d->size);
-        x->alloc = alloc;
+        x->size = qMin(int(alloc) - 1, d->size);
+        x->alloc = alloc - 1u;
         x->capacityReserved = d->capacityReserved;
         x->offset = sizeof(QByteArrayData);
         ::memcpy(x->data(), d->data(), x->size);
@@ -1478,9 +1478,9 @@ void QByteArray::reallocData(int alloc, bool grow)
             free(d);
         d = x;
     } else {
-        Data *x = static_cast<Data *>(::realloc(d, sizeof(Data) + alloc + 1));
+        Data *x = static_cast<Data *>(::realloc(d, sizeof(Data) + alloc));
         Q_CHECK_PTR(x);
-        x->alloc = alloc;
+        x->alloc = alloc - 1u;
         x->offset = sizeof(QByteArrayData);
         d = x;
     }
@@ -1566,7 +1566,7 @@ QByteArray &QByteArray::prepend(const char *str, int len)
 {
     if (str) {
         if (d->ref.isShared() || d->size + len > int(d->alloc))
-            reallocData(d->size + len, true);
+            reallocData(uint(d->size + len) + 1u, true);
         memmove(d->data()+len, d->data(), d->size);
         memcpy(d->data(), str, len);
         d->size += len;
@@ -1584,7 +1584,7 @@ QByteArray &QByteArray::prepend(const char *str, int len)
 QByteArray &QByteArray::prepend(char ch)
 {
     if (d->ref.isShared() || d->size + 1 > int(d->alloc))
-        reallocData(d->size + 1, true);
+        reallocData(uint(d->size) + 2u, true);
     memmove(d->data()+1, d->data(), d->size);
     d->data()[0] = ch;
     ++d->size;
@@ -1622,7 +1622,7 @@ QByteArray &QByteArray::append(const QByteArray &ba)
         *this = ba;
     } else if (ba.d != &shared_null.ba) {
         if (d->ref.isShared() || d->size + ba.d->size > int(d->alloc))
-            reallocData(d->size + ba.d->size, true);
+            reallocData(uint(d->size + ba.d->size) + 1u, true);
         memcpy(d->data() + d->size, ba.d->data(), ba.d->size);
         d->size += ba.d->size;
         d->data()[d->size] = '\0';
@@ -1656,7 +1656,7 @@ QByteArray& QByteArray::append(const char *str)
     if (str) {
         int len = strlen(str);
         if (d->ref.isShared() || d->size + len > int(d->alloc))
-            reallocData(d->size + len, true);
+            reallocData(uint(d->size + len) + 1u, true);
         memcpy(d->data() + d->size, str, len + 1); // include null terminator
         d->size += len;
     }
@@ -1681,7 +1681,7 @@ QByteArray &QByteArray::append(const char *str, int len)
         len = qstrlen(str);
     if (str && len) {
         if (d->ref.isShared() || d->size + len > int(d->alloc))
-            reallocData(d->size + len, true);
+            reallocData(uint(d->size + len) + 1u, true);
         memcpy(d->data() + d->size, str, len); // include null terminator
         d->size += len;
         d->data()[d->size] = '\0';
@@ -1698,7 +1698,7 @@ QByteArray &QByteArray::append(const char *str, int len)
 QByteArray& QByteArray::append(char ch)
 {
     if (d->ref.isShared() || d->size + 1 > int(d->alloc))
-        reallocData(d->size + 1, true);
+        reallocData(uint(d->size) + 2u, true);
     d->data()[d->size++] = ch;
     d->data()[d->size] = '\0';
     return *this;
-- 
cgit v1.2.3