Fix crash when constructing a QVector with an empty initializer list.
Data::allocate(0) returns a pointer to read-only memory, updating d->size will segfault. The safety check for this exists in all other QVector ctors already. Change-Id: Ida0fe4182de56ee62c7f91e8652cfafbfd7b8410 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
This commit is contained in:
parent
eae8abbc18
commit
ec77f93b38
@ -438,11 +438,15 @@ QVector<T>::QVector(int asize, const T &t)
|
|||||||
template <typename T>
|
template <typename T>
|
||||||
QVector<T>::QVector(std::initializer_list<T> args)
|
QVector<T>::QVector(std::initializer_list<T> args)
|
||||||
{
|
{
|
||||||
d = Data::allocate(args.size());
|
if (args.size() > 0) {
|
||||||
// std::initializer_list<T>::iterator is guaranteed to be
|
d = Data::allocate(args.size());
|
||||||
// const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
|
// std::initializer_list<T>::iterator is guaranteed to be
|
||||||
copyConstruct(args.begin(), args.end(), d->begin());
|
// const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
|
||||||
d->size = int(args.size());
|
copyConstruct(args.begin(), args.end(), d->begin());
|
||||||
|
d->size = int(args.size());
|
||||||
|
} else {
|
||||||
|
d = Data::sharedNull();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -2042,6 +2042,9 @@ void tst_QVector::initializeList()
|
|||||||
QVector<QVector<T>> v3;
|
QVector<QVector<T>> v3;
|
||||||
v3 << v1 << (QVector<T>() << val4) << QVector<T>() << v1;
|
v3 << v1 << (QVector<T>() << val4) << QVector<T>() << v1;
|
||||||
QCOMPARE(v3, v2);
|
QCOMPARE(v3, v2);
|
||||||
|
|
||||||
|
QVector<T> v4({});
|
||||||
|
QCOMPARE(v4.size(), 0);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user