author | Lars Knoll <lars.knoll@theqtcompany.com> | 2015-10-14 14:25:41 +0200 |
---|---|---|
committer | Liang Qi <liang.qi@theqtcompany.com> | 2015-10-20 06:47:42 +0000 |
commit | af390399c8017f69cfc9cdd4ef74144e6810fbe2 (patch) | |
tree | e33b26d89637636c178131981aec28485d70599e /src/qml/jsruntime/qv4object.cpp | |
parent | 41dacccfbc53eeb0568a4d0bab766259abe26762 (diff) |
Fix a crash when copying array data
Regression from 5.5. d()->arrayData->alloc can be larger, but
never smaller than the allocation of the other's array data.
Change-Id: I7d2265768f9d6e6298bfbba0d674a4d0e642422f
Task-number: QTBUG-48727
Reviewed-by: Liang Qi <liang.qi@theqtcompany.com>
Reviewed-by: Nikita Krupenko <krnekit@gmail.com>
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
Diffstat (limited to 'src/qml/jsruntime/qv4object.cpp')
-rw-r--r-- | src/qml/jsruntime/qv4object.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp
index ee3539c176..ba29d52bc6 100644
--- a/src/qml/jsruntime/qv4object.cpp
+++ b/src/qml/jsruntime/qv4object.cpp
@@ -1107,7 +1107,7 @@ void Object::copyArrayData(Object *other)
 dd->len = other->d()->arrayData->len;
 dd->offset = other->d()->arrayData->offset;
 }
- memcpy(d()->arrayData->arrayData, other->d()->arrayData->arrayData, d()->arrayData->alloc*sizeof(Value));
+ memcpy(d()->arrayData->arrayData, other->d()->arrayData->arrayData, other->d()->arrayData->alloc*sizeof(Value));
 }
 setArrayLengthUnchecked(other->getLength());
 }
|
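Review bot: The new `memcpy` sizes the copy by `other->d()->arrayData->alloc`, so it is only safe if the destination buffer is at least that large, and nothing in the hunk checks this. The commit message states that `d()->arrayData->alloc` is never smaller than the other's allocation, but the code that should guarantee it lies outside the hunk, in the earlier part of `Object::copyArrayData`. If that guarantee is ever broken, the old out-of-bounds read of the source becomes an out-of-bounds write into the destination heap block. I would put `Q_ASSERT(d()->arrayData->alloc >= other->d()->arrayData->alloc);` directly before the `memcpy`, with a comment such as `// copy only what the source owns; the destination may be larger`.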