Fix crash when constructing a QVector with an empty initializer list.

Data::allocate(0) returns a pointer to read-only memory, so updating d->size
will segfault. The safety check for this already exists in all other QVector
ctors.

Change-Id: Ida0fe4182de56ee62c7f91e8652cfafbfd7b8410
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Volker Krause 2014-01-17 13:28:37 +01:00 committed by The Qt Project
parent eae8abbc18
commit ec77f93b38
2 changed files with 12 additions and 5 deletions


@ -438,11 +438,15 @@ QVector<T>::QVector(int asize, const T &t)
template <typename T> template <typename T>
QVector<T>::QVector(std::initializer_list<T> args) QVector<T>::QVector(std::initializer_list<T> args)
{ {
d = Data::allocate(args.size()); if (args.size() > 0) {
// std::initializer_list<T>::iterator is guaranteed to be d = Data::allocate(args.size());
// const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct // std::initializer_list<T>::iterator is guaranteed to be
copyConstruct(args.begin(), args.end(), d->begin()); // const T* ([support.initlist]/1), so can be memcpy'ed away from by copyConstruct
d->size = int(args.size()); copyConstruct(args.begin(), args.end(), d->begin());
d->size = int(args.size());
} else {
d = Data::sharedNull();
}
} }
#endif #endif
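Review bot: The pointer returned by `Data::allocate(args.size())` is dereferenced right away (`d->begin()`, `d->size`) with no check that the allocation succeeded. Whether allocate can return null is not visible in this hunk; if it can, an out-of-memory condition becomes a null-pointer write in this constructor, and a `Q_CHECK_PTR(d);` directly after the allocate call would turn that into a defined failure. A short comment on the else branch, e.g. `// sharedNull is read-only: never write d->size on this path`, would also record why the empty case is split off.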


@ -2042,6 +2042,9 @@ void tst_QVector::initializeList()
QVector<QVector<T>> v3; QVector<QVector<T>> v3;
v3 << v1 << (QVector<T>() << val4) << QVector<T>() << v1; v3 << v1 << (QVector<T>() << val4) << QVector<T>() << v1;
QCOMPARE(v3, v2); QCOMPARE(v3, v2);
QVector<T> v4({});
QCOMPARE(v4.size(), 0);
#endif #endif
} }
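Review bot: The new regression check in initializeList() only reads `v4.size()`, so it would not notice if a vector built from an empty list were left pointing at shared read-only data and then written to. Since the crash being fixed was a write to that memory, I would also mutate the vector afterwards, e.g. `v4 << val4; QCOMPARE(v4.size(), 1);`, and add `QVERIFY(v4.isEmpty());` before that. The body of initializeList() starts above the hunk, so val4's declaration is assumed from its use a few lines earlier.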