QCborArray: fix operator[] that extends the array

This was never tested. The infinite loop in QCborContainerPrivate::grow is the proof. [ChangeLog][QtCore][QCborArray] Fixed an infinite loop when operator[] was called with with an index larger than the array's size plus 1. Change-Id: Ibdc95e9af7bd456a94ecfffd1603df3855c73f20 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
2020-04-08 11:42:06 -03:00 · 2020-04-08 11:42:06 -03:00 · 954d66e572
commit 954d66e572
parent 57a57fda78
2 changed files with 55 additions and 1 deletions
--- a/src/corelib/serialization/qcborvalue.cpp
+++ b/src/corelib/serialization/qcborvalue.cpp
@ -956,7 +956,7 @@ QCborContainerPrivate *QCborContainerPrivate::grow(QCborContainerPrivate *d, qsi
    d = detach(d, index + 1);
    Q_ASSERT(d);
    int j = d->elements.size();
-    while (j < index)
+    while (j++ < index)
        d->append(Undefined());
    return d;
 }
--- a/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp
+++ b/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp
@ -65,6 +65,7 @@ private slots:
    void arrayEmptyDetach();
    void arrayInitializerList();
    void arrayMutation();
+    void arrayMutateWithCopies();
    void arrayPrepend();
    void arrayInsertRemove_data() { basics_data(); }
    void arrayInsertRemove();
@ -817,6 +818,59 @@ void tst_QCborValue::arrayMutation()
    QCOMPARE(val[2].toArray().size(), 5);
 }

+void tst_QCborValue::arrayMutateWithCopies()
+{
+    {
+        QCborArray array;
+        array.append("TEST");
+        QCOMPARE(array.size(), 1);
+        QCOMPARE(array.at(0), "TEST");
+
+        array.append(array.at(0));
+        QCOMPARE(array.size(), 2);
+        QCOMPARE(array.at(0), "TEST");
+        QCOMPARE(array.at(1), "TEST");
+    }
+    {
+        QCborArray array;
+        array.append("TEST");
+        QCOMPARE(array.size(), 1);
+        QCOMPARE(array.at(0), "TEST");
+
+        // same as previous, but with prepend() not append()
+        array.prepend(array.at(0));
+        QCOMPARE(array.size(), 2);
+        QCOMPARE(array.at(0), "TEST");
+        QCOMPARE(array.at(1), "TEST");
+    }
+    {
+        QCborArray array;
+        array.append("TEST");
+        QCOMPARE(array.size(), 1);
+        QCOMPARE(array.at(0), "TEST");
+
+        // same as previous, but using a QCborValueRef
+        QCborValueRef rv = array[0];
+        array.prepend(rv);
+        QCOMPARE(array.size(), 2);
+        QCOMPARE(array.at(0), "TEST");
+        QCOMPARE(array.at(1), "TEST");
+    }
+    {
+        QCborArray array;
+        array.append("TEST");
+        QCOMPARE(array.size(), 1);
+        QCOMPARE(array.at(0), "TEST");
+
+        // same as previous, but now extending the array
+        QCborValueRef rv = array[0];
+        array[2] = rv;
+        QCOMPARE(array.size(), 3);
+        QCOMPARE(array.at(0), "TEST");
+        QCOMPARE(array.at(2), "TEST");
+    }
+}
+
 void tst_QCborValue::mapMutation()
 {
    QCborMap m;