| author | Thiago Macieira <thiago.macieira@intel.com> | 2020-03-05 15:31:38 -0800 |
|---|---|---|
| committer | Thiago Macieira <thiago.macieira@intel.com> | 2020-03-20 13:18:00 -0800 |
| commit | 30a0787907981da3811390735bf234068fc89944 (patch) | |
| tree | f3334bf1113fa3f4ba54166b383a8693ccc40613 /src/corelib/serialization/qjsonarray.cpp | |
| parent | c798b286bdef4026b222e4e030faa36387e32d65 (diff) | |
Fix binary compatibility issue in QJson{Array,Object} initializer_list
The rewrite using CBOR internals replaced one of the two naked pointers
that were members of QJsonArray and QJsonObject with a
QExplicitlySharedDataPointer. The problem is that its operator= will
read the current value to decrement the refcount and possibly delete the
pointed object.
But QJson{Array,Object}::initialize() are called from inlined code,
without initialization. So we can't call operator=. We need to memcpy to
write a nullptr.
This is not unit-testable because it requires compiling against 5.14 or
earlier, then running against 5.15.
Fixes: QTBUG-82700
Change-Id: Iaa63461109844e978376fffd15f98c62656d197c
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
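The failure mode the commit message describes, as an added illustration that is not part of the Qt change or its test suite: a small stand-in for QExplicitlySharedDataPointer whose operator= reads the current pointer to drop a reference, a stand-in for QJsonArray with both the pre-patch (`a = nullptr`) and post-patch (`memset`) initialize() bodies, and a harness that plants a pointer to a live object where an old inlined constructor would leave stale bytes. The class names `Payload`, `SharedPtr`, `Array` and the helper `refcountAfter` are constructed for this example; to keep the demonstration well-defined the stale bits are planted through a normal member assignment rather than genuine uninitialized memory.

```cpp
#include <cstring>

// Minimal stand-in for a refcounted payload (constructed for this example).
struct Payload {
    int ref = 1;
};

// Stand-in for QExplicitlySharedDataPointer: operator= reads the CURRENT
// pointer to drop its reference before storing the new one.
struct SharedPtr {
    Payload *d = nullptr;
    SharedPtr &operator=(Payload *p) {
        if (p)
            ++p->ref;
        if (d && --d->ref == 0)   // reads whatever bits happen to be in d
            delete d;
        d = p;
        return *this;
    }
    ~SharedPtr() {
        if (d && --d->ref == 0)
            delete d;
    }
};

// Stand-in for QJsonArray with the two initialize() strategies from the patch.
struct Array {
    SharedPtr a;
    void initializeByAssign() { a = nullptr; }   // the pre-patch body
    void initializeByMemset() {                  // the post-patch body
        void *ptr = &a;                          // void* sidesteps -Wclass-memaccess
        std::memset(ptr, 0, sizeof(a));          // assumes all-zero bytes == nullptr
    }
};

// Simulate the binary-compatibility scenario: an old inline constructor calls
// initialize() on storage whose bytes are whatever was there before. We plant
// a pointer to a live object so the stale read becomes observable.
static int refcountAfter(void (Array::*init)()) {
    Payload *stale = new Payload;
    stale->ref = 2;        // one real owner plus the planted "stale" copy
    Array arr;
    arr.a.d = stale;       // plant the stale bits (via a defined assignment)
    (arr.*init)();
    int ref = stale->ref;  // memset leaves 2; operator= drops it to 1
    delete stale;          // arr.a.d is nullptr now, so ~SharedPtr is harmless
    return ref;
}

int refAfterAssignInit() { return refcountAfter(&Array::initializeByAssign); }
int refAfterMemsetInit() { return refcountAfter(&Array::initializeByMemset); }
```

With a planted refcount of 2 the operator= path merely steals one reference; had the stale bits pointed at an object with a single owner, the same path would delete it out from under that owner, which is the crash the commit avoids by writing zero bytes without reading the old value.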
Diffstat (limited to 'src/corelib/serialization/qjsonarray.cpp')
-rw-r--r-- | src/corelib/serialization/qjsonarray.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/corelib/serialization/qjsonarray.cpp b/src/corelib/serialization/qjsonarray.cpp index 08702771a8..05138ad610 100644 --- a/src/corelib/serialization/qjsonarray.cpp +++ b/src/corelib/serialization/qjsonarray.cpp @@ -167,7 +167,11 @@ QJsonArray::QJsonArray(QCborContainerPrivate *array) */ void QJsonArray::initialize() { - a = nullptr; + // Because we're being called with uninitialized state, we can't do: + // a = nullptr; + // QExplicitlyDataSharedPointer::operator= will read the current value + void *ptr = &a; + memset(ptr, 0, sizeof(a)); } /*! @@ -177,7 +181,6 @@ QJsonArray::~QJsonArray() = default; QJsonArray::QJsonArray(std::initializer_list<QJsonValue> args) { - initialize(); for (const auto & arg : args) append(arg); } |
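Review bot: the comment added to initialize() names the class as `QExplicitlyDataSharedPointer`, while the commit message and the actual Qt class are `QExplicitlySharedDataPointer`; fix the spelling so the comment can be searched for. Two smaller checks on the same hunk: `memset(ptr, 0, sizeof(a))` relies on an all-zero byte pattern being a null pointer, which holds on the platforms Qt supports but deserves a word in the comment, and it needs `<cstring>`/`<string.h>` in scope, which the context lines do not show, so confirm the include is already present in qjsonarray.cpp.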
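Review bot: with the `initialize();` call removed from the `std::initializer_list<QJsonValue>` constructor, a new build relies on `a` already being null when `append(arg)` runs, which must now come from an in-class initializer on the member or from the default constructor of `QExplicitlySharedDataPointer`; the hunk does not show the header, so confirm that before merging, because an uninitialized `a` here would reproduce the same read-of-stale-bits the commit fixes. A one-line comment on initialize() stating that it remains only for the benefit of binaries compiled against 5.14 or earlier (as the commit message explains) would also stop the next reader from treating it as dead code.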