QVarLengthArray: fix aliasing error in insert(it, n, v)

Taking the copy after the resize is completely pointless: the copy is there to ensure that `t`, being a reference potentially aliasing an element in [begin(), end()[ before the resize(), isn't invalidated by the resize(), so it must be taken before resize(). Add a comment so the next rewrite doesn't cause this to be mixed up again. [ChangeLog][QtCore][QVarLengthArray] Fixed an aliasing bug affecting insertions of objects aliasing existing elements. Pick-to: 6.2 6.1 6.0 5.15 5.12 Change-Id: I26bc449fa99bf8d09a19147a12a69ac4314cc61d Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
2021-06-25 23:54:05 +02:00 · 2021-06-25 23:54:05 +02:00 · 6e57e41f9a
commit 6e57e41f9a
parent 87d8ee755b
1 changed files with 1 additions and 1 deletions
--- a/src/corelib/tools/qvarlengtharray.h
+++ b/src/corelib/tools/qvarlengtharray.h
@ -647,8 +647,8 @@ Q_OUTOFLINE_TEMPLATE typename QVarLengthArray<T, Prealloc>::iterator QVarLengthA

    qsizetype offset = qsizetype(before - ptr);
    if (n != 0) {
+        const T copy(t); // `t` could alias an element in [begin(), end()[
        resize(s + n);
-        const T copy(t);
        if (!QTypeInfo<T>::isRelocatable) {
            T *b = ptr + offset;
            T *j = ptr + s;