QString: fix UB in insert()

Comparing with <, >, <= or >= such pointers as are not pointing into
the same array is UB. A clever compiler could look at the code,
determine that the only valid execution is for it to return true, and
just always take the copy.

While that would be benign, it's not guaranteed that this would be the
outcome (it's UB, after all), and, of course, we don't want to take
the performance hit if we don't need it.

Fix by using std::less, which guarantees a total ordering for all
pointers.

Pick-to: 5.15
Change-Id: If07b9363b2ecd573f259e4fa972b629362061ce5
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>

1 files changed, 2 insertions, 1 deletions

diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp
index 348276810b..fea5fb00df 100644
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@@ -2570,7 +2570,8 @@ QString& QString::insert(int i, const QChar *unicode, int size)
         return *this;
 
     const ushort *s = (const ushort *)unicode;
-    if (s >= d.data() && s < d.data() + d.size) {
+    const std::less<const ushort*> less;
+    if (!less(s, d.data()) && less(s, d.data() + d.size)) {
         // Part of me - take a copy
         ushort *tmp = static_cast<ushort *>(::malloc(size * sizeof(QChar)));
         Q_CHECK_PTR(tmp);