From e6647776249e0e3ac9bac38d72965aa87b607859 Mon Sep 17 00:00:00 2001
From: Kent Hansen
Date: Thu, 25 Jun 2009 16:04:41 +0200
Subject: don't crash when QTextCodec::codecForUtfText() is passed -1 bytes
It's possible that the function gets called with a bytearray of size -1 (for example, by QTextStreamPrivate::fillReadBuffer()). Since the size was erroneously cast to a uint, the subsequent comparison (arraySize > 3) succeeded and caused a crash.
Reviewed-by: Denis Dzyubenko
---
 src/corelib/codecs/qtextcodec.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/corelib/codecs/qtextcodec.cpp b/src/corelib/codecs/qtextcodec.cpp
index 32c6aef..d4e5d44 100644
--- a/src/corelib/codecs/qtextcodec.cpp
+++ b/src/corelib/codecs/qtextcodec.cpp
@@ -1560,7 +1560,7 @@ QTextCodec *QTextCodec::codecForHtml(const QByteArray &ba)
 */
 QTextCodec *QTextCodec::codecForUtfText(const QByteArray &ba, QTextCodec *defaultCodec)
 {
- const uint arraySize = ba.size();
+ const int arraySize = ba.size();
 if (arraySize > 3) {
 if ((uchar)ba[0] == 0x00
--
cgit v0.12
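Review bot: The negative-length case is now handled only implicitly, because `arraySize > 3` happens to be false for a signed -1; nothing at the declaration says why the variable must stay signed, so a later cleanup back to an unsigned type would silently reopen the out-of-range `ba[0]` access. An explicit guard right after the declaration, `if (arraySize <= 0) return defaultCodec;` (assuming that matches the existing fall-through result), or at least a comment such as `// size() may be negative for an invalid array; keep this signed`, would make the contract visible. The body of codecForUtfText() continues outside the hunk, so the later length checks cannot be confirmed to be safe for negative values from here. If the -1 is a failed read's return value being reused as a length, as the description suggests for QTextStreamPrivate::fillReadBuffer(), that caller probably deserves its own check, and a regression test passing such an array would pin the fix down.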