From 7d6ebbf355fb3e8a0729d0805fe6039eebe5dfdf Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@qt.io>
Date: Mon, 28 Aug 2017 08:59:03 +0200
Subject: Fix off-by-one error when mapping array index to offset in the array

Amends acaa28e916b0d89e3c243cc3f8a46fcf74d8be63

Change-Id: I1429b5d4b2102f9b0a6baea7c6872aecd739be44
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/jsruntime/qv4arraydata_p.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/qml/jsruntime/qv4arraydata_p.h b/src/qml/jsruntime/qv4arraydata_p.h
index 5028778877..6e41c756a8 100644
--- a/src/qml/jsruntime/qv4arraydata_p.h
+++ b/src/qml/jsruntime/qv4arraydata_p.h
@@ -144,7 +144,7 @@ DECLARE_HEAP_OBJECT(ArrayData, Base) {
 V4_ASSERT_IS_TRIVIAL(ArrayData)
 
 struct SimpleArrayData : public ArrayData {
-    uint mappedIndex(uint index) const { index += offset; if (index > values.alloc) index -= values.alloc; return index; }
+    uint mappedIndex(uint index) const { index += offset; if (index >= values.alloc) index -= values.alloc; return index; }
     const Value &data(uint index) const { return values[mappedIndex(index)]; }
     void setData(EngineBase *e, uint index, Value newVal) {
         values.set(e, mappedIndex(index), newVal);
-- 
cgit v1.2.3