authorTopi Reiniƶ <topi.reinio@nokia.com>2010-11-04 13:20:02 (GMT)
committerTopi Reiniƶ <topi.reinio@nokia.com>2010-11-04 13:20:02 (GMT)
commit440888de851daad78d89f2958aa95e9193832fb5 (patch)
tree5a0fac499bbba1154dd5bb5c90fda0de28c1435f
parent018c0ebc7d7ffaa55bf5a80b2a8a0e3ee1ebcc7b (diff)
Prevent access to non-existent memory in QGL2PEXVertexArray
QGL2PEXVertexArray::addClosingLine() uses QDataBuffer::add() to add a QPointF at the end, with a const reference to another value in the same array. As add() resizes and possibly relocates the buffer, an already-released memory location may be accessed. This change copies the value into a temporary variable before resizing the array. Task-number: QTBUG-14944 Reviewed-by: Samuel
-rw-r--r--src/opengl/gl2paintengineex/qgl2pexvertexarray.cpp5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/opengl/gl2paintengineex/qgl2pexvertexarray.cpp b/src/opengl/gl2paintengineex/qgl2pexvertexarray.cpp
index 559a6fd..167a7d2 100644
--- a/src/opengl/gl2paintengineex/qgl2pexvertexarray.cpp
+++ b/src/opengl/gl2paintengineex/qgl2pexvertexarray.cpp
@@ -63,8 +63,9 @@ QGLRect QGL2PEXVertexArray::boundingRect() const
void QGL2PEXVertexArray::addClosingLine(int index)
{
- if (QPointF(vertexArray.at(index)) != QPointF(vertexArray.last()))
- vertexArray.add(vertexArray.at(index));
+ QPointF point(vertexArray.at(index));
+ if (point != QPointF(vertexArray.last()))
+ vertexArray.add(point);
}
void QGL2PEXVertexArray::addCentroid(const QVectorPath &path, int subPathIndex)
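Review bot: The local copy in addClosingLine() carries no comment explaining why it exists, so a later cleanup could fold `vertexArray.at(index)` back into the `add()` call and reintroduce the read from a released buffer. I would add `// Copy first: add() may reallocate and invalidate references into vertexArray.` above the `QPointF point(...)` line. The hazard itself sits in add() as the commit message describes it, so any other caller that passes a reference into the same buffer would presumably be affected too; that is outside this hunk and worth an audit, or a fix inside add() that copies the argument before growing. Neither `index` nor an empty array is checked here before `at(index)` and `last()`; whether callers guarantee both is not visible from the hunk.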