From ec77f93b389d0a69af54f278a8bf7c4919fd696c Mon Sep 17 00:00:00 2001
From: Volker Krause <volker.krause@kdab.com>
Date: Fri, 17 Jan 2014 13:28:37 +0100
Subject: Fix crash when constructing a QVector with an empty initializer list.

Data::allocate(0) returns a pointer to read-only memory, updating d->size
will segfault. The safety check for this exists in all other QVector ctors
already.

Change-Id: Ida0fe4182de56ee62c7f91e8652cfafbfd7b8410
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/tools/qvector.h | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/corelib/tools/qvector.h b/src/corelib/tools/qvector.h
index f56511edbf..505e1a32e4 100644
--- a/src/corelib/tools/qvector.h
+++ b/src/corelib/tools/qvector.h
@@ -438,11 +438,15 @@ QVector<T>::QVector(int asize, const T &t)
 template <typename T>
 QVector<T>::QVector(std::initializer_list<T> args)
 {
-    d = Data::allocate(args.size());
-    // std::initializer_list<T>::iterator is guaranteed to be
-    // const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
-    copyConstruct(args.begin(), args.end(), d->begin());
-    d->size = int(args.size());
+    if (args.size() > 0) {
+        d = Data::allocate(args.size());
+        // std::initializer_list<T>::iterator is guaranteed to be
+        // const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
+        copyConstruct(args.begin(), args.end(), d->begin());
+        d->size = int(args.size());
+    } else {
+        d = Data::sharedNull();
+    }
 }
 #endif
 
-- 
cgit v1.2.3