QString::reserve fix to avoid truncation

In case of implicit memory sharing, QString::reserve caused data truncation if given size was smaller than size of data. Task-number: QTBUG-29664 Change-Id: If2da5ad051385635ebb829c18b5ebaa349f08e8a Reviewed-by: Olivier Goffart <ogoffart@woboq.com> Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
2013-08-22 17:45:47 -07:00 · 2013-08-22 17:45:47 -07:00 · e120ad442d
commit e120ad442d
parent 2864ba28e1
2 changed files with 14 additions and 2 deletions
--- a/src/corelib/tools/qstring.h
+++ b/src/corelib/tools/qstring.h
@ -934,8 +934,8 @@ inline QString::~QString() { if (!d->ref.deref()) Data::deallocate(d); }

 inline void QString::reserve(int asize)
 {
-    if (d->ref.isShared() || uint(asize) + 1u > d->alloc)
-        reallocData(uint(asize) + 1u);
+    if (d->ref.isShared() || uint(asize) >= d->alloc)
+        reallocData(qMax(asize, d->size) + 1u);

    if (!d->capacityReserved) {
        // cannot set unconditionally, since d could be the shared_null/shared_empty (which is const)
--- a/tests/auto/corelib/tools/qstring/tst_qstring.cpp
+++ b/tests/auto/corelib/tools/qstring/tst_qstring.cpp
@ -5240,6 +5240,18 @@ void tst_QString::resizeAfterReserve()
    s += "hello world";
    s.resize(0);
    QVERIFY(s.capacity() == 100);
+
+    // reserve() can't be used to truncate data
+    s.fill('x', 100);
+    s.reserve(50);
+    QVERIFY(s.capacity() == 100);
+    QVERIFY(s.size() == 100);
+
+    // even with increased ref count truncation isn't allowed
+    QString t = s;
+    s.reserve(50);
+    QVERIFY(s.capacity() == 100);
+    QVERIFY(s.size() == 100);
 }

 void tst_QString::resizeWithNegative() const