diff options
| author | Marc Mutz <marc.mutz@kdab.com> | 2016-09-14 16:14:16 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@kdab.com> | 2016-09-15 10:10:28 +0000 |
| commit | a54d44298f6d2ecc1ec4d8c5c42c89c8a06fc5dd (patch) | |
| tree | 3eac6336bdb8c8f86c9cd33098ae09bc46c9541d /src/corelib/tools/qstring.h | |
| parent | 7529c39ba350c3fe9a2b4a96d3300481e3ea419f (diff) | |
QLatin1String: Fix UB (nullptr passed) in relational operators
Found by UBSan:
qstring.h:1160:44: runtime error: null pointer passed as argument 1, which is declared to never be null
qstring.h:1160:44: runtime error: null pointer passed as argument 2, which is declared to never be null
Fix by avoiding the memcmp() calls if there's a chance that they
might be called with nullptr.
While at it, also implement !=, >, <=, >= in terms of ==, <,
and add a test, because this particular UB was not fingered by
any of the QtCore test cases, but by a Qt3D one.
Change-Id: I413792dcc8431ef14f0c79f26e89a3e9fab69465
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/corelib/tools/qstring.h')
| -rw-r--r-- | src/corelib/tools/qstring.h | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/corelib/tools/qstring.h b/src/corelib/tools/qstring.h index 886973fe10..58ad2caa2b 100644 --- a/src/corelib/tools/qstring.h +++ b/src/corelib/tools/qstring.h @@ -1127,21 +1127,21 @@ inline bool operator!=(QString::Null, const QString &s) { return !s.isNull(); } inline bool operator!=(const QString &s, QString::Null) { return !s.isNull(); } inline bool operator==(QLatin1String s1, QLatin1String s2) Q_DECL_NOTHROW -{ return (s1.size() == s2.size() && !memcmp(s1.latin1(), s2.latin1(), s1.size())); } +{ return s1.size() == s2.size() && (!s1.size() || !memcmp(s1.latin1(), s2.latin1(), s1.size())); } inline bool operator!=(QLatin1String s1, QLatin1String s2) Q_DECL_NOTHROW -{ return (s1.size() != s2.size() || memcmp(s1.latin1(), s2.latin1(), s1.size())); } +{ return !operator==(s1, s2); } inline bool operator<(QLatin1String s1, QLatin1String s2) Q_DECL_NOTHROW -{ int r = memcmp(s1.latin1(), s2.latin1(), qMin(s1.size(), s2.size())); - return (r < 0) || (r == 0 && s1.size() < s2.size()); } -inline bool operator<=(QLatin1String s1, QLatin1String s2) Q_DECL_NOTHROW -{ int r = memcmp(s1.latin1(), s2.latin1(), qMin(s1.size(), s2.size())); - return (r < 0) || (r == 0 && s1.size() <= s2.size()); } +{ + const int len = qMin(s1.size(), s2.size()); + const int r = len ? memcmp(s1.latin1(), s2.latin1(), len) : 0; + return r < 0 || (r == 0 && s1.size() < s2.size()); +} inline bool operator>(QLatin1String s1, QLatin1String s2) Q_DECL_NOTHROW -{ int r = memcmp(s1.latin1(), s2.latin1(), qMin(s1.size(), s2.size())); - return (r > 0) || (r == 0 && s1.size() > s2.size()); } +{ return operator<(s2, s1); } +inline bool operator<=(QLatin1String s1, QLatin1String s2) Q_DECL_NOTHROW +{ return !operator>(s1, s2); } inline bool operator>=(QLatin1String s1, QLatin1String s2) Q_DECL_NOTHROW -{ int r = memcmp(s1.latin1(), s2.latin1(), qMin(s1.size(), s2.size())); - return (r > 0) || (r == 0 && s1.size() >= s2.size()); } +{ return !operator<(s1, s2); } inline bool QLatin1String::operator==(const QString &s) const Q_DECL_NOTHROW { return s == *this; } |