From 10d7de1f5c1c086fc791fc85e3535442b38f03c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Brooke?= <aurelien@bahiasoft.fr>
Date: Sat, 12 Apr 2025 09:21:19 +0200
Subject: [PATCH] QVarLengthArray: call sizedFree() with the capacity and not
 the size

Using the size accidentally worked since most of the time Qt adds
elements one by one to QVLAs.

Amends 03d5daf9437d8b46db2e89e3a9763ea701fa681c.

Change-Id: I9ee6500b758f2ebf6dcc5ae8e898d3241f10af41
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
---
 src/corelib/tools/qvarlengtharray.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/corelib/tools/qvarlengtharray.h b/src/corelib/tools/qvarlengtharray.h
index fc4eb5bf9c6..efc58beebf5 100644
--- a/src/corelib/tools/qvarlengtharray.h
+++ b/src/corelib/tools/qvarlengtharray.h
@@ -869,11 +869,12 @@ Q_OUTOFLINE_TEMPLATE void QVLABase<T>::reallocate_impl(qsizetype prealloc, void
     Q_ASSERT(data());
     T *oldPtr = data();
     qsizetype osize = size();
+    const qsizetype oalloc = capacity();
 
     const qsizetype copySize = qMin(asize, osize);
     Q_ASSERT(copySize >= 0);
 
-    if (aalloc != capacity()) {
+    if (aalloc != oalloc) {
         QVLABaseBase::malloced_ptr guard;
         void *newPtr;
         qsizetype newA;
@@ -903,7 +904,7 @@ Q_OUTOFLINE_TEMPLATE void QVLABase<T>::reallocate_impl(qsizetype prealloc, void
     }
 
     if (oldPtr != reinterpret_cast<T *>(array) && oldPtr != data())
-        QtPrivate::sizedFree(oldPtr, osize, sizeof(T));
+        QtPrivate::sizedFree(oldPtr, oalloc, sizeof(T));
 }
 
 template <class T>