From 2e7b1e0e8e606f1e35d666dd80f512b3c37d2c6a Mon Sep 17 00:00:00 2001
From: Robin Burchell
Date: Wed, 18 Jan 2017 02:22:39 +0100
Subject: QQmlListModel: Fix potential uninitialized value

If roleCount is 0, alloca(0) will give us a pointer. The loop will then not initialize the returned pointer (due to the roleCount being 0), passing an uninitialized changedRoles to emitDirectNotifies. emitDirectNotifies doesn't access changedRoles unconditionally (via another for loop), but this is probably better to check than not.
Coverity-Id: 172868
Done-with: John Brooks
Change-Id: I821c06221d2659d3310082b4e81442cc58b197f7
Reviewed-by: Simon Hausmann
---
 src/qml/types/qqmllistmodel.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/qml/types/qqmllistmodel.cpp b/src/qml/types/qqmllistmodel.cpp
index 5e06455b26..cc4ccbaeb1 100644
--- a/src/qml/types/qqmllistmodel.cpp
+++ b/src/qml/types/qqmllistmodel.cpp
@@ -1267,10 +1267,12 @@ void ModelNodeMetaObject::updateValues()
 {
 const int roleCount = m_model->m_listModel->roleCount();
 if (!m_initialized) {
- int *changedRoles = reinterpret_cast(alloca(roleCount * sizeof(int)));
- for (int i = 0; i < roleCount; ++i)
- changedRoles[i] = i;
- emitDirectNotifies(changedRoles, roleCount);
+ if (roleCount) {
+ int *changedRoles = reinterpret_cast(alloca(roleCount * sizeof(int)));
+ for (int i = 0; i < roleCount; ++i)
+ changedRoles[i] = i;
+ emitDirectNotifies(changedRoles, roleCount);
+ }
 return;
 }
 for (int i=0 ; i < roleCount ; ++i) {
--
cgit v1.2.3
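Review bot: The added guard `if (roleCount) {` is also true for a negative roleCount, and in that case `roleCount * sizeof(int)` converts to a very large size_t before it reaches alloca(). Writing it as `if (roleCount > 0) {` states the intent and closes that case, assuming roleCount() can return a negative value at all, which is not visible in this hunk. The alloca() size also stays unbounded, so a model with a very large number of roles grows the stack by that many ints with no failure path. A `QVarLengthArray<int> changedRoles(roleCount);` would keep small role counts on the stack and fall back to the heap for large ones. updateValues() continues past the end of the hunk, so the per-role loop that follows is not covered by this note.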