authorErik Verbruggen <erik.verbruggen@qt.io>2018-08-06 15:49:10 +0200
committerErik Verbruggen <erik.verbruggen@qt.io>2018-08-07 10:31:08 +0000
commit4ec155053a77dd3817f11fc22c936533131eb681 (patch)
treea8edfdcaa430a4d7f772ce09dbdbcd6a62465ee2 /src/corelib/tools/qstring.cpp
parent5c1c403edbaa264866d78288a769b425fae5a78d (diff)
Fix possible heap-buffer-overflow in qt_string_normalize
When starting further into the string than index 0, do correct the length too. This shows up in tst_qurl and tst_qurlinternal. Kindly pointed out by ASAN: ==5513==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600002bf27 at pc 0x000100654de3 bp 0x7ffeefbfad10 sp 0x7ffeefbfad08 READ of size 16 at 0x60600002bf27 thread T0 #0 0x100654de2 in QtNS::simdTestMask(char const*&, char const*, unsigned int) qstring.cpp:395 #1 0x1005f9777 in QtNS::isAscii(QtNS::QChar const*&, QtNS::QChar const*) qstring.cpp:491 #2 0x100638642 in QtNS::qt_string_normalize(QtNS::QString*, QtNS::QString::NormalizationForm, QtNS::QChar::UnicodeVersion, int) qstring.cpp:7999 Change-Id: I44ad65b47eb98c6085c77b56dc2da50ef5659d25 Reviewed-by: Lars Knoll <lars.knoll@qt.io> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/tools/qstring.cpp')
-rw-r--r--src/corelib/tools/qstring.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/tools/qstring.cpp b/src/corelib/tools/qstring.cpp
index ec274d8abf..056ffebcbe 100644
--- a/src/corelib/tools/qstring.cpp
+++ b/src/corelib/tools/qstring.cpp
@@ -7996,7 +7996,7 @@ QString QString::repeated(int times) const
void qt_string_normalize(QString *data, QString::NormalizationForm mode, QChar::UnicodeVersion version, int from)
{
const QChar *p = data->constData() + from;
- if (isAscii(p, p + data->length()))
+ if (isAscii(p, p + data->length() - from))
return;
if (p > data->constData() + from)
from = p - data->constData() - 1; // need one before the non-ASCII to perform NFC
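Review bot: On the added line the end pointer is still derived from `p`, so it stays inside the buffer only when `from` lies in `[0, data->length()]`, and nothing visible in this hunk checks that. If callers do not already guarantee the range, a negative or too-large `from` would put `p` outside the string and hand isAscii() an inverted or out-of-bounds range, which is the same class of over-read ASAN reported. I would state the precondition with `Q_ASSERT(from >= 0 && from <= data->length());` before `p` is computed. I would also take the end from the buffer rather than from `p`, as `const QChar *end = data->constData() + data->length();` followed by `if (isAscii(p, end))`, so the bound no longer depends on remembering to subtract `from`. The body of qt_string_normalize continues past the hunk, so a later check there may already cover part of this.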