a70b8d407e
Maintain the consistency of QWizardPrivate's two members: QVector<QWizardField> fields; QMap<QString, int> fieldIndexMap; during and after calls to QWizardPrivate's void _q_handleFieldObjectDestroyed(QObject *) member function. The failure to maintain this consistency caused an out of bounds access and core dump in QWizard's field(const QString &name) member function. QWizard's field(const QString &name) member function expects the values in the QMap fieldIndexMap to be indexes into the QVector fields. Prior to this change _q_handleFieldObjectDestroyed only removed the appropriate entry from the map and erased it from the vector. It did not decrement by one all the indexes greater than the index that was removed from the map and erased from the vector in the rest of the map. For example ... So if initially have the following mapping ... "field0" -> 0, "field1" -> 1, and "field2" -> 2 with fields of size 3. After destruction of "field1" have ... "field0" -> 0, and "field2" -> 2 with fields of size 2. Now attempts to look up "field2" using QWizard::field will have an out of bounds error and possibly core dump or trigger an internal Qt assert because an attempt to access this->fields[2] will be made. It should be accessing this->fields[1], but does not because the map is no longer consistent with the vector. This change adds a decrement by one for all the indexes greater than the index that was removed from the map and erased from the vector. Task-number: QTBUG-25691 Change-Id: Ia2a41027628a65faec4ecdd5da235ddd19746a57 Reviewed-by: Shane Kearns <shane.kearns@accenture.com> Reviewed-by: Lars Knoll <lars.knoll@nokia.com> |
||
---|---|---|
.. | ||
qabstractprintdialog | ||
qcolordialog | ||
qdialog | ||
qerrormessage | ||
qfiledialog | ||
qfiledialog2 | ||
qfilesystemmodel | ||
qfontdialog | ||
qinputdialog | ||
qmessagebox | ||
qprogressdialog | ||
qsidebar | ||
qwizard | ||
dialogs.pro |