From d82d5b1c43b270ef6f4f0d90ce5d7d96ea0b7a97 Mon Sep 17 00:00:00 2001 From: Mikhail Lappo Date: Wed, 3 Jun 2015 10:09:42 +0300 Subject: Check for integer overflows in places where qAllocMore is used Task-number: QTBUG-41230 Change-Id: Ic2167364e326092482657f2d2b4ab6ad3e5af631 (partially cherry-picked from 880986be2357a1f80827d038d770dc2f80300201) Reviewed-by: Thiago Macieira --- src/gui/text/qfragmentmap_p.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/gui') diff --git a/src/gui/text/qfragmentmap_p.h b/src/gui/text/qfragmentmap_p.h index 012d3c25ce..a19e3d9ea3 100644 --- a/src/gui/text/qfragmentmap_p.h +++ b/src/gui/text/qfragmentmap_p.h @@ -249,6 +249,8 @@ uint QFragmentMapData::createFragment() uint freePos = head->freelist; if (freePos == head->allocated) { // need to create some free space + if (freePos >= uint(MaxAllocSize) / fragmentSize) + qBadAlloc(); uint needed = qAllocMore((freePos+1)*fragmentSize, 0); Q_ASSERT(needed/fragmentSize > head->allocated); Fragment *newFragments = (Fragment *)realloc(fragments, needed); -- cgit v1.2.3