From 954d66e5720b5dd7d31de62364f5e2a8df0bcac3 Mon Sep 17 00:00:00 2001
From: Thiago Macieira
Date: Wed, 8 Apr 2020 11:42:06 -0300
Subject: QCborArray: fix operator[] that extends the array

This was never tested. The infinite loop in QCborContainerPrivate::grow is the proof.

[ChangeLog][QtCore][QCborArray] Fixed an infinite loop when operator[] was called with with an index larger than the array's size plus 1.

Change-Id: Ibdc95e9af7bd456a94ecfffd1603df3855c73f20
Reviewed-by: Ulf Hermann
---
 src/corelib/serialization/qcborvalue.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/corelib/serialization/qcborvalue.cpp b/src/corelib/serialization/qcborvalue.cpp
index ebb3665e0c..c45a09ad99 100644
--- a/src/corelib/serialization/qcborvalue.cpp
+++ b/src/corelib/serialization/qcborvalue.cpp
@@ -956,7 +956,7 @@ QCborContainerPrivate *QCborContainerPrivate::grow(QCborContainerPrivate *d, qsi
 d = detach(d, index + 1);
 Q_ASSERT(d);
 int j = d->elements.size();
- while (j < index)
+ while (j++ < index)
 d->append(Undefined());
 return d;
 }
--
cgit v1.2.3
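Review bot: The counter of the padding loop is still an `int` (`int j = d->elements.size();`) while it is compared with `index`, which the truncated hunk header suggests is a `qsizetype`; on a 64-bit build an index above INT_MAX would overflow `j` in `j++` rather than end the loop. Writing it as `for (qsizetype j = d->elements.size(); j < index; ++j)` keeps both sides the same width and moves the increment out of the condition. The loop is also bounded only by the caller's index, so an index taken from untrusted data costs one append per missing slot; a comment such as `// pads with Undefined up to index; callers are expected to bound index` would make that contract visible. The diffstat lists no test file although the message says this path was never tested, so a regression test for an index beyond size() + 1 is worth adding. The start of grow() lies outside the hunk.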