Details
- Bug
- Resolution: Done
- P3: Somewhat important
- 4.8.4, 5.0.1
- None
- e120ad442d7ebff0b9862e8af9ebf9717b5ac92e
Description
This is a special scenario that occurs if:
- the reference count d->ref > 1, and
- there is already more data allocated than the asize passed to the current call of reserve.
Code example:
#include <QString>
1: QString A;
2: A.reserve(100);
3: A.fill('x', 100);
4: QString B = A;
5: A.reserve(50);
Instruction 2:
Entering reserve:
asize : 100
d->ref : 31
d->alloc : 0
d->capacity : 0
Exiting reserve:
asize : 100
d->ref : 1
d->alloc : 100
d->capacity : 1
Instruction 4:
d->ref becomes 2
Instruction 5:
Entering reserve:
d->alloc : 100
d->ref : 2
asize : 50
d->capacity : 1
Exiting reserve:
asize : 50
d->ref : 1
d->alloc : 50
d->capacity : 1
In this example the allocation got truncated from 100 to 50, although 100 had previously been reserved and the data block had been filled with 'x'. As reserve should never truncate data, this is probably a bug.
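The following is an added example, not code from the report or from Qt. It is a minimal implicitly shared string (hypothetical names: SharedStr, Data, reserveBuggy, reserveFixed, reallocData, runScenario) that models the behaviour the trace above describes: when the data block is shared (ref > 1), reserve re-allocates a private copy sized exactly asize and keeps only min(asize, size) characters, so a reserve smaller than the current contents silently drops the tail. The fixed variant never allocates fewer characters than are in use. runScenario replays the five instructions of the report and returns A's state after instruction 5.

```cpp
#include <algorithm>
#include <cstdio>
#include <cstring>
#include <string>

// Minimal implicitly shared string modelled on the behaviour the report
// describes. Hypothetical names; this is not Qt's QString implementation.
class SharedStr {
    struct Data {
        int ref;     // how many SharedStr objects point at this block
        int alloc;   // characters allocated
        int size;    // characters in use
        char *text;
    };

public:
    SharedStr() : d(new Data{1, 0, 0, nullptr}) {}
    SharedStr(const SharedStr &o) : d(o.d) { ++d->ref; }
    SharedStr &operator=(const SharedStr &o) {
        if (d != o.d) { ++o.d->ref; release(); d = o.d; }
        return *this;
    }
    ~SharedStr() { release(); }

    // Fill with n copies of c, detaching from any shared block first.
    void fill(char c, int n) {
        if (d->ref != 1 || n > d->alloc)
            reallocData(std::max(n, d->alloc));
        std::memset(d->text, c, n);
        d->size = n;
    }

    // Buggy variant, mirroring the report: a shared block is always
    // re-allocated to exactly asize, and reallocData keeps only
    // min(asize, size) characters, so a smaller asize truncates the text.
    void reserveBuggy(int asize) {
        if (d->ref != 1 || asize > d->alloc)
            reallocData(asize);
    }

    // Fixed variant: never allocate fewer characters than are in use.
    void reserveFixed(int asize) {
        if (d->ref != 1 || asize > d->alloc)
            reallocData(std::max(asize, d->size));
    }

    int size() const { return d->size; }
    int alloc() const { return d->alloc; }
    int ref() const { return d->ref; }
    std::string str() const {
        return d->size > 0 ? std::string(d->text, d->size) : std::string();
    }

private:
    // Allocate a private block of `alloc` characters and copy what fits.
    void reallocData(int alloc) {
        Data *x = new Data{1, alloc, std::min(alloc, d->size),
                           new char[alloc > 0 ? alloc : 1]};
        if (x->size > 0) std::memcpy(x->text, d->text, x->size);
        release();
        d = x;
    }
    void release() {
        if (--d->ref == 0) { delete[] d->text; delete d; }
    }
    Data *d;
};

struct State { int size; int alloc; int ref; std::string text; };

// Replays the report's five instructions on A and returns A's state after
// the final reserve(50). useFix selects which reserve variant step 5 uses.
State runScenario(bool useFix) {
    SharedStr A;                                               // 1
    A.reserveFixed(100);   // 2: unshared, both variants behave the same here
    A.fill('x', 100);                                          // 3
    SharedStr B = A;                                           // 4: ref becomes 2
    if (useFix) A.reserveFixed(50); else A.reserveBuggy(50);   // 5
    return {A.size(), A.alloc(), A.ref(), A.str()};
}

int main() {
    State bad = runScenario(false), good = runScenario(true);
    std::printf("buggy: size=%d alloc=%d ref=%d\n", bad.size, bad.alloc, bad.ref);
    std::printf("fixed: size=%d alloc=%d ref=%d\n", good.size, good.alloc, good.ref);
    return 0;
}
```

With the buggy variant A ends up with size 50 and alloc 50 after step 5, matching the "Exiting reserve" values in the trace, while B still holds all 100 characters; with the fixed variant A keeps size 100 and alloc 100. The practical hazard is that any length a caller computed before the reserve is stale afterwards, so code that treats reserve as a pure capacity hint can operate on silently shortened data.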
Attachments
Gerrit reviews for QTBUG-29664:

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 63593,1 | QString::reserve fix to avoid truncation | stable | qt/qtbase | MERGED | +2 | 0 |