Fix possible out of bounds access

This lead to crashes in some complex code where a
pointer was just pointing to the end of the allocated chunk,
and we'd then read outside the chunk bounds for marking.

Change-Id: Ica41c4e98eb9901fbb8d291289a9c91078ded111
Reviewed-by: Erik Verbruggen <erik.verbruggen@digia.com>

diff --git a/src/v4/qv4mm.cpp b/src/v4/qv4mm.cpp
index c77ec1e..d12388a 100644 (file)
--- a/src/v4/qv4mm.cpp
+++ b/src/v4/qv4mm.cpp
@@ -361,7 +361,7 @@ void MemoryManager::collectFromStack() const
     for (QVector<Data::Chunk>::Iterator it = m_d->heapChunks.begin(), end =
          m_d->heapChunks.end(); it != end; ++it) {
         heapChunkBoundaries[i++] = reinterpret_cast<char*>(it->memory.base());
-        heapChunkBoundaries[i++] = reinterpret_cast<char*>(it->memory.base()) + it->memory.size();
+        heapChunkBoundaries[i++] = reinterpret_cast<char*>(it->memory.base()) + it->memory.size() - it->chunkSize;
     }
 
     for (; current < top; ++current) {