| field | value | date |
|---|---|---|
| author | Erik Verbruggen <erik.verbruggen@qt.io> | 2018-08-06 15:49:10 +0200 |
| committer | Erik Verbruggen <erik.verbruggen@qt.io> | 2018-08-07 10:31:08 +0000 |
| commit | 4ec155053a77dd3817f11fc22c936533131eb681 | |
| tree | a8edfdcaa430a4d7f772ce09dbdbcd6a62465ee2 (limited to /src/corelib/tools/qstring.cpp) | |
| parent | 5c1c403edbaa264866d78288a769b425fae5a78d | |
Fix possible heap-buffer-overflow in qt_string_normalize
When starting further into the string than index 0, do correct the
length too. This shows up in tst_qurl and tst_qurlinternal.
Kindly pointed out by ASAN:
```
==5513==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600002bf27 at pc 0x000100654de3 bp 0x7ffeefbfad10 sp 0x7ffeefbfad08
READ of size 16 at 0x60600002bf27 thread T0
    #0 0x100654de2 in QtNS::simdTestMask(char const*&, char const*, unsigned int) qstring.cpp:395
    #1 0x1005f9777 in QtNS::isAscii(QtNS::QChar const*&, QtNS::QChar const*) qstring.cpp:491
    #2 0x100638642 in QtNS::qt_string_normalize(QtNS::QString*, QtNS::QString::NormalizationForm, QtNS::QChar::UnicodeVersion, int) qstring.cpp:7999
```
Change-Id: I44ad65b47eb98c6085c77b56dc2da50ef5659d25
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/tools/qstring.cpp')
-rw-r--r-- | src/corelib/tools/qstring.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
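To make the off-by-`from` arithmetic behind the ASAN report concrete, here is an added C++ example; it is not Qt's code and does not depend on Qt. It uses a simplified stand-in for the `isAscii` scan (which, as the trace's `QChar const*&` signature shows, advances its start pointer by reference), computes the end index both the pre-fix way (`p + length`) and the fixed way (`p + length - from`), and then applies the same "one before the non-ASCII" rewind of `from` that follows the check. `scanAscii`, `prologue`, `NormalizePrologue` and the sample string `kSample` are hypothetical names constructed for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical stand-in for Qt's isAscii(const QChar *&, const QChar *):
// scans [p, end) and leaves p on the first non-ASCII code unit (or on end).
// Taking p by reference is what the later "from = p - data->constData() - 1"
// step in qt_string_normalize relies on.
static bool scanAscii(const char16_t *&p, const char16_t *end)
{
    while (p != end) {
        if (*p >= 0x80)
            return false;
        ++p;
    }
    return true;
}

// Outcome of the prologue of qt_string_normalize, redone with indices so the
// out-of-bounds case can be reported instead of actually reading past the
// buffer (which is what ASAN caught).
struct NormalizePrologue {
    bool inBounds;        // computed end never exceeds the buffer length
    std::size_t endIdx;   // index the scan would run up to
    std::size_t stopIdx;  // where the scan stopped (== from if it did not run)
    bool allAscii;        // the early-return condition in the real function
    std::size_t nextFrom; // "one before the non-ASCII" rewind, as in the hunk
};

// fixed == false mirrors the removed line:  end = p + length
// fixed == true  mirrors the added line:    end = p + length - from
static NormalizePrologue prologue(const std::u16string &s, std::size_t from, bool fixed)
{
    NormalizePrologue r{false, 0, from, false, from};
    if (from > s.size())              // precondition the real code does not check
        return r;
    r.endIdx = fixed ? from + (s.size() - from) : from + s.size();
    r.inBounds = r.endIdx <= s.size();
    if (!r.inBounds)                  // pre-fix form: overshoots by exactly `from` units
        return r;
    const char16_t *base = s.data();
    const char16_t *p = base + from;
    r.allAscii = scanAscii(p, base + r.endIdx);
    r.stopIdx = static_cast<std::size_t>(p - base);
    // Same rewind as the hunk: if the scan advanced, restart one code unit
    // earlier so NFC composition can see the character before the non-ASCII one.
    if (p > base + from)
        r.nextFrom = r.stopIdx - 1;
    return r;
}

// Constructed sample: 8 ASCII units, U+00E9 at index 8, then 2 more ASCII (11 total).
static const std::u16string kSample = u"abcdefgh\u00e9ij";

int main()
{
    const std::size_t starts[] = {0, 3};
    for (std::size_t from : starts) {
        NormalizePrologue before = prologue(kSample, from, false);
        NormalizePrologue after = prologue(kSample, from, true);
        std::cout << "from=" << from
                  << "  before: end=" << before.endIdx
                  << (before.inBounds ? " ok" : " OVERREAD")
                  << "  after: end=" << after.endIdx
                  << " stop=" << after.stopIdx
                  << " nextFrom=" << after.nextFrom << '\n';
    }
    return 0;
}
```

With `from == 0` both forms compute the same end, which is why the bug only shows up in callers that normalize a suffix (the commit message names tst_qurl and tst_qurlinternal); with `from == 3` the pre-fix end index is 14 on an 11-unit buffer, while the fixed form stops at index 8 and rewinds `from` to 7.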
diff --git a/src/corelib/tools/qstring.cpp b/src/corelib/tools/qstring.cpp index ec274d8abf..056ffebcbe 100644 --- a/src/corelib/tools/qstring.cpp +++ b/src/corelib/tools/qstring.cpp @@ -7996,7 +7996,7 @@ QString QString::repeated(int times) const void qt_string_normalize(QString *data, QString::NormalizationForm mode, QChar::UnicodeVersion version, int from) { const QChar *p = data->constData() + from; - if (isAscii(p, p + data->length())) + if (isAscii(p, p + data->length() - from)) return; if (p > data->constData() + from) from = p - data->constData() - 1; // need one before the non-ASCII to perform NFC |
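Review bot: the corrected end pointer `p + data->length() - from` is simply `data->constData() + data->length()`; writing it in that form makes the invariant obvious to the next reader instead of asking them to re-derive the arithmetic that went wrong here. Nothing visible in the hunk constrains `from`: a caller passing `from > data->length()` yields an end pointer that sits before `p`, so a `Q_ASSERT(from >= 0 && from <= data->length())` at the top of `qt_string_normalize` would document the precondition the fix now depends on. The `if (p > data->constData() + from)` that follows relies on `isAscii` advancing `p` by reference, which the `QChar const*&` signature in the ASAN trace confirms.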