From 40366e6f389e32be6ecdd2f2790cac3b65d503c5 Mon Sep 17 00:00:00 2001
From: Harald Fernengel <harald@trolltech.com>
Date: Thu, 13 Aug 2009 11:51:54 +0200
Subject: Fix QVarLengthArray out of bounds read

Reviewed-By: Ralf Engels
---
 src/corelib/tools/qvarlengtharray.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/corelib/tools/qvarlengtharray.h b/src/corelib/tools/qvarlengtharray.h
index 2998244..8c31f40 100644
--- a/src/corelib/tools/qvarlengtharray.h
+++ b/src/corelib/tools/qvarlengtharray.h
@@ -204,7 +204,9 @@ Q_OUTOFLINE_TEMPLATE void QVarLengthArray<T, Prealloc>::realloc(int asize, int a
 
             if (QTypeInfo<T>::isStatic) {
                 QT_TRY {
-                    while (s < asize) {
+                    // copy all the old elements
+                    const int copySize = qMin(asize, osize);
+                    while (s < copySize) {
                         new (ptr+s) T(*(oldPtr+s));
                         (oldPtr+s)->~T();
                         s++;
-- 
cgit v0.12