From 880986be2357a1f80827d038d770dc2f80300201 Mon Sep 17 00:00:00 2001
From: Ulf Hermann
Date: Fri, 19 Sep 2014 16:12:24 +0200
Subject: Check for integer overflows in places where qAllocMore is used
Task-number: QTBUG-41230
Change-Id: I5e932c2540c0bd67f13fab3ae20975d459f82c08
Reviewed-by: Thiago Macieira
Reviewed-by: Marc Mutz
---
 src/corelib/tools/qlist.cpp | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/corelib/tools/qlist.cpp')
diff --git a/src/corelib/tools/qlist.cpp b/src/corelib/tools/qlist.cpp
index 8e2bed7a7c..f32cd78801 100644
--- a/src/corelib/tools/qlist.cpp
+++ b/src/corelib/tools/qlist.cpp
@@ -55,6 +55,8 @@ const QListData::Data QListData::shared_null = { Q_REFCOUNT_INITIALIZE_STATIC, 0
 
 static int grow(int size)
 {
+ if (size_t(size) > (MaxAllocSize - QListData::DataHeaderSize) / sizeof(void *))
+ qBadAlloc();
 // dear compiler: don't optimize me out.
 volatile int x = qAllocMore(size * sizeof(void *), QListData::DataHeaderSize) / sizeof(void *);
 return x;
--
cgit v1.2.3
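Review bot: The new guard in grow() rejects a negative `size` only as a side effect of the `size_t(size)` conversion, which turns it into a huge value; that is easy to break in a later cleanup and deserves a comment such as `// size_t cast is deliberate: a negative size wraps to a huge value and is rejected as well`. The callers are outside this hunk, but if they build the argument as an `int` sum, that addition can overflow before grow() runs, so this check should not be read as covering the caller-side arithmetic. It is also worth confirming that MaxAllocSize (defined elsewhere) never exceeds INT_MAX, because the result of qAllocMore divided by `sizeof(void *)` is still narrowed into `volatile int x`. The closing brace of grow() lies outside the hunk.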