From 9aa24645eb09be9e1d05060b2d976327726cb747 Mon Sep 17 00:00:00 2001
From: Mitch Curtis <mitch.curtis@digia.com>
Date: Thu, 30 May 2013 14:51:18 +0200
Subject: Prevent negative size in QBitArray, QVector and QVarLengthArray
 ctors.

As shown in QTBUG-24345, QBitArray will exhibit invalid reads when
initialised with a negative size and run under valgrind.

QVector and QVarLengthArray both cause a crash if initialised with a
negative size.

This patch enforces sizes greater than or equal to 0 with asserts and
existing if statements, and hence impose no performance penalty for
release builds.

Task-number: QTBUG-24345
Task-number: QTBUG-30037

Change-Id: I9a969f6016e0a59904a60bbfe9e5360e6f523b87
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/tools/qbitarray.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/corelib/tools/qbitarray.cpp')

diff --git a/src/corelib/tools/qbitarray.cpp b/src/corelib/tools/qbitarray.cpp
index 2b459b2b1bf..b04c4f9c3d9 100644
--- a/src/corelib/tools/qbitarray.cpp
+++ b/src/corelib/tools/qbitarray.cpp
@@ -122,7 +122,8 @@ QT_BEGIN_NAMESPACE
 */
 QBitArray::QBitArray(int size, bool value)
 {
-    if (!size) {
+    Q_ASSERT_X(size >= 0, "QBitArray::QBitArray", "Size must be greater than or equal to 0.");
+    if (size <= 0) {
         d.resize(0);
         return;
     }
-- 
cgit v1.2.3