From ef288db325d3c115e0cf5f458c657bdee60a432f Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <albert.astals@canonical.com>
Date: Wed, 22 Jan 2014 15:14:34 +0100
Subject: qdoc: Fix crash in Generator::generateInnerNode

Using an iterator is not a good idea since the generateInnerNode can
end up adding new items to the childrenNode list and thus the iterator becomes invalid

Without this patch i was getting this trace in valgrind
    ==19251== Invalid read of size 8
    ==19251==    at 0x474350: Generator::generateInnerNode(InnerNode*) (generator.cpp:1018)
    ==19251==    by 0x4A422D: HtmlGenerator::generateTree() (htmlgenerator.cpp:276)
    ==19251==    by 0x4AC369: processQdocconfFile(QString const&) (main.cpp:515)
    ==19251==    by 0x40B894: main (main.cpp:669)
    ==19251==  Address 0x943c1c0 is 0 bytes after a block of size 32 free'd
    ==19251==    at 0x4C2C72E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==19251==    by 0x51676F2: QListData::realloc(int) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.2.0)
    ==19251==    by 0x51677EE: QListData::append(int) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.2.0)
    ==19251==    by 0x439BAB: QList<Node*>::append(Node* const&) (qlist.h:533)
    ==19251==    by 0x4B46B3: InnerNode::addChild(Node*) (node.cpp:1262)
    ==19251==    by 0x4B48DC: Node::Node(Node::Type, InnerNode*, QString const&) (node.cpp:179)
    ==19251==    by 0x4B539F: InnerNode::InnerNode(Node::Type, InnerNode*, QString const&) (node.cpp:1193)
    ==19251==    by 0x4B54EB: DocNode::DocNode(InnerNode*, QString const&, Node::SubType, Node::PageType) (node.cpp:1608)
    ==19251==    by 0x4C0C5E: QDocDatabase::findQmlModule(QString const&) (node.h:535)
    ==19251==    by 0x497EEA: HtmlGenerator::generateQmlRequisites(QmlClassNode*, CodeMarker*) (htmlgenerator.cpp:2005)
    ==19251==    by 0x4995B9: HtmlGenerator::generateDocNode(DocNode*, CodeMarker*) (htmlgenerator.cpp:1533)
    ==19251==    by 0x474508: Generator::generateInnerNode(InnerNode*) (generator.cpp:1010)
    ==19251==    by 0x474372: Generator::generateInnerNode(InnerNode*) (generator.cpp:1019)
    ==19251==    by 0x4A422D: HtmlGenerator::generateTree() (htmlgenerator.cpp:276)
    ==19251==    by 0x4AC369: processQdocconfFile(QString const&) (main.cpp:515)
    ==19251==    by 0x40B894: main (main.cpp:669)

Change-Id: I7a6ae0a689ea5edddacf7f27f9dce95b26a441df
Reviewed-by: Martin Smith <martin.smith@digia.com>
---
 src/tools/qdoc/generator.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/tools/qdoc/generator.cpp b/src/tools/qdoc/generator.cpp
index 3cbba788c8..b14a79dfab 100644
--- a/src/tools/qdoc/generator.cpp
+++ b/src/tools/qdoc/generator.cpp
@@ -1013,12 +1013,13 @@ void Generator::generateInnerNode(InnerNode* node)
         }
     }
 
-    NodeList::ConstIterator c = node->childNodes().constBegin();
-    while (c != node->childNodes().constEnd()) {
-        if ((*c)->isInnerNode() && (*c)->access() != Node::Private) {
-            generateInnerNode((InnerNode*)*c);
+    int i = 0;
+    while (i < node->childNodes().count()) {
+        Node *c = node->childNodes().at(i);
+        if (c->isInnerNode() && c->access() != Node::Private) {
+            generateInnerNode((InnerNode*)c);
         }
-        ++c;
+        ++i;
     }
 }
 
-- 
cgit v1.2.3