QString: fix UB in replace()

Comparing with <, >, <= or >= such pointers as are not pointing into the same array is UB. A clever compiler could look at the code, determine that the only valid execution is for it to return true, and just always take the copy. While that would be benign, it's not guaranteed that this would be the outcome (it's UB, after all), and, of course, we don't want to take the performance hit if we don't need it. Change-Id: I48cda232ff10a3c9fd4babcd7e7103a3aed126e8 Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io> (cherry picked from commit f6b96bc34749e4478e75c081bbd0af406cd737b5) Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
author: Marc Mutz <marc.mutz@kdab.com> 2020-05-08 22:46:44 +0200
committer: Marc Mutz <marc.mutz@kdab.com> 2020-05-21 01:11:46 +0000
commit: 0f2825685e8ad78640e92fa8277fd369a6c084c9 (patch)
tree: 5e1aaa61caface80e16efa7bed3ff564536aa784 /src/corelib/text
parent: afbf88e070eb3ff8d97a569c12a14e66c181bbb8 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp
index c09beceefb..d3a84c9149 100644
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@@ -3071,7 +3071,8 @@ QChar *textCopy(const QChar *start, int len)
 bool pointsIntoRange(const QChar *ptr, const ushort *base, int len)
 {
     const QChar *const start = reinterpret_cast<const QChar *>(base);
-    return start <= ptr && ptr < start + len;
+    const std::less<const QChar *> less = {};
+    return !less(ptr, start) && less(ptr, start + len);
 }
 } // end namespace
author	Marc Mutz <marc.mutz@kdab.com>	2020-05-08 22:46:44 +0200
committer	Marc Mutz <marc.mutz@kdab.com>	2020-05-21 01:11:46 +0000
commit	0f2825685e8ad78640e92fa8277fd369a6c084c9 (patch)
tree	5e1aaa61caface80e16efa7bed3ff564536aa784 /src/corelib/text
parent	afbf88e070eb3ff8d97a569c12a14e66c181bbb8 (diff)