| author | Marc Mutz <marc.mutz@qt.io> | 2025-07-01 14:17:26 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@qt.io> | 2025-07-01 19:50:42 +0200 |
| commit | 3aa82a0ecf9c7a5cb2a1c7f64261d9b8582645ac (patch) | |
| tree | 4aed091984c30b38fa92166d6520ce16063ce628 /src/corelib/serialization/qxmlstream.cpp | |
| parent | afd44ac9f582fc7a81465da8e6c6cf72a43db03b (diff) | |
QXmlStream: fix incorrect use of realloc()
One must never store the result of realloc() back into the first
realloc() argument, because, if realloc() fails, one still has to
free() the old pointer, but one has just overwritten its value with
nullptr, leaking memory.
To fix, first check, and then assign.
Found in manual review of realloc() uses.
Amends the start of the public history.
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: Id6d369116d4e01fb9cb1d6db3627b9956d4b6201
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/serialization/qxmlstream.cpp')
| -rw-r--r-- | src/corelib/serialization/qxmlstream.cpp | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index fec5b5b4363..b4751d1324f 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -1081,10 +1081,12 @@ void QXmlStreamReaderPrivate::parseEntity(const QString &value)
 inline void QXmlStreamReaderPrivate::reallocateStack()
 {
 stack_size <<= 1;
- sym_stack = reinterpret_cast<Value*> (realloc(sym_stack, stack_size * sizeof(Value)));
- Q_CHECK_PTR(sym_stack);
- state_stack = reinterpret_cast<int*> (realloc(state_stack, stack_size * sizeof(int)));
- Q_CHECK_PTR(state_stack);
+ void *p = realloc(sym_stack, stack_size * sizeof(Value));
+ Q_CHECK_PTR(p);
+ sym_stack = static_cast<Value*>(p);
+ p = realloc(state_stack, stack_size * sizeof(int));
+ Q_CHECK_PTR(p);
+ state_stack = static_cast<int*>(p);
 }
|
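Review bot: `stack_size <<= 1;` at the top of reallocateStack() still commits the doubled capacity before either realloc() is known to have succeeded. Q_CHECK_PTR is defined outside this hunk; if it reports failure by throwing and a caller catches that and keeps using the reader, stack_size would overstate the real size of one or both arrays, so a later push could write past the end of the old buffer. Since the parser stacks grow with document input, I would compute the new size in a local, `const auto newSize = stack_size << 1;`, pass `newSize` to both realloc() calls, and only assign `stack_size = newSize;` after `state_stack` has been updated. The same local would also be the natural place to reject a shift or `newSize * sizeof(Value)` that wraps, as stack_size's type is not visible here.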
