From 746ab5f16d5c297567341797869b124868a926fe Mon Sep 17 00:00:00 2001 From: Lars Knoll Date: Wed, 2 Oct 2019 15:12:17 +0200 Subject: Remove potential out of bounds accesses to QList Change-Id: I13431e45ef329921a8846c38047f704a299a1a94 Reviewed-by: Marc Mutz Reviewed-by: Frederik Gladhorn --- src/corelib/animation/qanimationgroup.cpp | 5 ++++- src/corelib/kernel/qobject.cpp | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/corelib/animation/qanimationgroup.cpp b/src/corelib/animation/qanimationgroup.cpp index ed40817222..69e2cfc9bc 100644 --- a/src/corelib/animation/qanimationgroup.cpp +++ b/src/corelib/animation/qanimationgroup.cpp @@ -195,8 +195,11 @@ void QAnimationGroup::insertAnimation(int index, QAbstractAnimation *animation) return; } - if (QAnimationGroup *oldGroup = animation->group()) + if (QAnimationGroup *oldGroup = animation->group()) { oldGroup->removeAnimation(animation); + // ensure we don't insert out of bounds if oldGroup == this + index = qMin(index, d->animations.size()); + } d->animations.insert(index, animation); QAbstractAnimationPrivate::get(animation)->group = this; diff --git a/src/corelib/kernel/qobject.cpp b/src/corelib/kernel/qobject.cpp index cf107498dd..fb0d54c801 100644 --- a/src/corelib/kernel/qobject.cpp +++ b/src/corelib/kernel/qobject.cpp @@ -2157,7 +2157,9 @@ void QObjectPrivate::setParent_helper(QObject *o) // cleared our entry in parentD->children. } else { const int index = parentD->children.indexOf(q); - if (parentD->isDeletingChildren) { + if (index < 0) { + // we're probably recursing into setParent() from a ChildRemoved event, don't do anything + } else if (parentD->isDeletingChildren) { parentD->children[index] = 0; } else { parentD->children.removeAt(index); -- cgit v1.2.3