QSGBatchRender: avoid crash if buffer shrinks

The QRhiBuffer does not shrink; thus we can end up with
buffer->buf->size > buffer->size. This would subsequently lead to an
out-of-bounds memory access, and a crash. Fix this by using the
uploadStaticBuffer overload which takes the size.
As a drive-by, remove pointless QByteArray::fromRawData call.

Change-Id: I40058ada6a6a5eb745ae559e8c9ed474fd41f75c
Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io>
(cherry picked from commit f0a51eef5696782ec325b20f14cfe353d0a58d20)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp
index aa46b5a509..2272956121 100644
--- a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp
+++ b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp
@@ -1073,11 +1073,11 @@ void Renderer::unmap(Buffer *buffer, bool isIndexBuf)
     }
     if (buffer->buf->type() != QRhiBuffer::Dynamic) {
         m_resourceUpdates->uploadStaticBuffer(buffer->buf,
-                                              QByteArray::fromRawData(buffer->data, buffer->size));
+                                             0, buffer->size, buffer->data);
         buffer->nonDynamicChangeCount += 1;
     } else {
         m_resourceUpdates->updateDynamicBuffer(buffer->buf, 0, buffer->size,
-                                               QByteArray::fromRawData(buffer->data, buffer->size));
+                                               buffer->data);
     }
     if (m_visualizer->mode() == Visualizer::VisualizeNothing)
         buffer->data = nullptr;