Fix QVarLengthArray out of bounds read

Reviewed-By: Ralf Engels
author: Harald Fernengel <harald@trolltech.com> 2009-08-13 09:51:54 (GMT)
committer: Harald Fernengel <harald@trolltech.com> 2009-08-13 09:53:16 (GMT)
commit: 40366e6f389e32be6ecdd2f2790cac3b65d503c5 (patch)
tree: 7187652e6d62956dce38384b60a2550cb0b0ba4e
parent: da0e9ac73411f9b6725680dd66059d5e6b23ac77 (diff)
download: Qt-40366e6f389e32be6ecdd2f2790cac3b65d503c5.zip
Qt-40366e6f389e32be6ecdd2f2790cac3b65d503c5.tar.gz
Qt-40366e6f389e32be6ecdd2f2790cac3b65d503c5.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/src/corelib/tools/qvarlengtharray.h b/src/corelib/tools/qvarlengtharray.h
index 2998244..8c31f40 100644
--- a/src/corelib/tools/qvarlengtharray.h
+++ b/src/corelib/tools/qvarlengtharray.h
@@ -204,7 +204,9 @@ Q_OUTOFLINE_TEMPLATE void QVarLengthArray<T, Prealloc>::realloc(int asize, int a
 
             if (QTypeInfo<T>::isStatic) {
                 QT_TRY {
-                    while (s < asize) {
+                    // copy all the old elements
+                    const int copySize = qMin(asize, osize);
+                    while (s < copySize) {
                         new (ptr+s) T(*(oldPtr+s));
                         (oldPtr+s)->~T();
                         s++;
author	Harald Fernengel <harald@trolltech.com>	2009-08-13 09:51:54 (GMT)
committer	Harald Fernengel <harald@trolltech.com>	2009-08-13 09:53:16 (GMT)
commit	40366e6f389e32be6ecdd2f2790cac3b65d503c5 (patch)
tree	7187652e6d62956dce38384b60a2550cb0b0ba4e
parent	da0e9ac73411f9b6725680dd66059d5e6b23ac77 (diff)
download	Qt-40366e6f389e32be6ecdd2f2790cac3b65d503c5.zip Qt-40366e6f389e32be6ecdd2f2790cac3b65d503c5.tar.gz Qt-40366e6f389e32be6ecdd2f2790cac3b65d503c5.tar.bz2