Check for numeric limits when growing SharedInternalClassDataPrivate

We can effectively only deal with values of < 2GB for m_alloc * sizeof(Data). This is not much more than the values seen in the wild. Change-Id: Ia6972df33d34a320b5b087d38db81aae24ce5bbe Reviewed-by: Lars Knoll <lars.knoll@qt.io>
author: Ulf Hermann <ulf.hermann@qt.io> 2019-03-26 09:40:03 +0100
committer: Ulf Hermann <ulf.hermann@qt.io> 2019-03-27 09:23:14 +0000
commit: 1e18f2c4a647923fc66a3e3204fcccd88a2960a6 (patch)
tree: bdedb8120674da3c7abc4eea19f197ddca2ee5d4 /src/qml/jsruntime/qv4internalclass_p.h
parent: 60f766f5c68fc33322c6d095d81b1856828b2b0b (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/qml/jsruntime/qv4internalclass_p.h b/src/qml/jsruntime/qv4internalclass_p.h
index 121238c555..42b61218a5 100644
--- a/src/qml/jsruntime/qv4internalclass_p.h
+++ b/src/qml/jsruntime/qv4internalclass_p.h
@@ -247,8 +247,12 @@ struct SharedInternalClassData {
         Q_ASSERT(pos == d->size());
         if (pos == d->alloc())
             d->grow();
-        d->setSize(d->size() + 1);
-        d->set(pos, value);
+        if (pos >= d->alloc()) {
+            qBadAlloc();
+        } else {
+            d->setSize(d->size() + 1);
+            d->set(pos, value);
+        }
     }
 
     void set(uint pos, T value) {
author	Ulf Hermann <ulf.hermann@qt.io>	2019-03-26 09:40:03 +0100
committer	Ulf Hermann <ulf.hermann@qt.io>	2019-03-27 09:23:14 +0000
commit	1e18f2c4a647923fc66a3e3204fcccd88a2960a6 (patch)
tree	bdedb8120674da3c7abc4eea19f197ddca2ee5d4 /src/qml/jsruntime/qv4internalclass_p.h
parent	60f766f5c68fc33322c6d095d81b1856828b2b0b (diff)