Correctly check length limit in Array.push()

getLength() returns a 64 bit value, so check against UINT_MAX instead of checking for an implicit overflow Change-Id: I9ac7f582a85bc696faa42dd10170b9b03b33bcf9 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
author: Lars Knoll <lars.knoll@qt.io> 2018-04-16 12:32:17 +0200
committer: Lars Knoll <lars.knoll@qt.io> 2018-05-02 14:19:37 +0000
commit: f1162921dfba638585f2c10760443df003ae7e4c (patch)
tree: f696a4ced54c5ff3f40d24c0e862fa1ecd300314 /src/qml/jsruntime/qv4arrayobject.cpp
parent: cf4a68d5bc85877e1166117aa0d4c520509d1c0e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/qml/jsruntime/qv4arrayobject.cpp b/src/qml/jsruntime/qv4arrayobject.cpp
index 37c386d781..9b9a2f1052 100644
--- a/src/qml/jsruntime/qv4arrayobject.cpp
+++ b/src/qml/jsruntime/qv4arrayobject.cpp
@@ -352,9 +352,9 @@ ReturnedValue ArrayPrototype::method_push(const FunctionObject *b, const Value *
     instance->arrayCreate();
     Q_ASSERT(instance->arrayData());
 
-    uint len = instance->getLength();
+    quint64 len = instance->getLength();
 
-    if (len + argc < len) {
+    if (len + quint64(argc) >= UINT_MAX) {
         // ughh... this goes beyond UINT_MAX
         double l = len;
         ScopedString s(scope);
author	Lars Knoll <lars.knoll@qt.io>	2018-04-16 12:32:17 +0200
committer	Lars Knoll <lars.knoll@qt.io>	2018-05-02 14:19:37 +0000
commit	f1162921dfba638585f2c10760443df003ae7e4c (patch)
tree	f696a4ced54c5ff3f40d24c0e862fa1ecd300314 /src/qml/jsruntime/qv4arrayobject.cpp
parent	cf4a68d5bc85877e1166117aa0d4c520509d1c0e (diff)