From bf4d57a1477dbe800a53ccda3d8c4fe564b5092c Mon Sep 17 00:00:00 2001
From: Olivier Goffart <ogoffart@trolltech.com>
Date: Thu, 7 May 2009 22:53:24 +0200
Subject: Fix reentrancy of QVector and QString

The d->capacity could be modified even if ref was more than 1

Reviewed-by: Marius Storm-Olsen
---
 src/corelib/tools/qstring.h | 2 +-
 src/corelib/tools/qvector.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/corelib/tools/qstring.h b/src/corelib/tools/qstring.h
index 1493dce..b25881f 100644
--- a/src/corelib/tools/qstring.h
+++ b/src/corelib/tools/qstring.h
@@ -113,7 +113,7 @@ public:
 
     int capacity() const;
     inline void reserve(int size);
-    inline void squeeze() { if (d->size < d->alloc) realloc(); d->capacity = 0;}
+    inline void squeeze() { if (d->size < d->alloc || ref != 1) realloc(); d->capacity = 0;}
 
     inline const QChar *unicode() const;
     inline QChar *data();
diff --git a/src/corelib/tools/qvector.h b/src/corelib/tools/qvector.h
index 3fd52ee..1f047b8 100644
--- a/src/corelib/tools/qvector.h
+++ b/src/corelib/tools/qvector.h
@@ -315,7 +315,7 @@ void QVector<T>::detach_helper()
 { realloc(d->size, d->alloc); }
 template <typename T>
 void QVector<T>::reserve(int asize)
-{ if (asize > d->alloc) realloc(d->size, asize); d->capacity = 1; }
+{ if (asize > d->alloc || d->ref != 1) realloc(d->size, asize); d->capacity = 1; }
 template <typename T>
 void QVector<T>::resize(int asize)
 { realloc(asize, (asize > d->alloc || (!d->capacity && asize < d->size && asize < (d->alloc >> 1))) ?
-- 
cgit v0.12