QColor: Fix use of uninit'ed value in get_hex_rgb()

If len == 0, we didn't write anything to 'tmp', but get_hex_rgb() unconditionally reads tmp[0] (aliased to name[0] in get_hex_rgb()). Fix by terminating the tmp array, thus ensuring that the comparison against '#' in get_hex_rgb() fails. Introduced in a41393d0bc05998a7de2dcf872953b6d24b71e96. Coverity-Id: 171477 Change-Id: I53952aff7035813ed6abc74d402953bc9cfa76f1 Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
author: Marc Mutz <marc.mutz@kdab.com> 2016-10-05 00:10:23 +0200
committer: Marc Mutz <marc.mutz@kdab.com> 2016-10-05 06:22:51 +0000
commit: 483aff406a8cd9bb824cbd39a0a20619fe9b1fa2 (patch)
tree: 73ee337c18775f23d894b01e08ed93e9f18861f5 /src/gui
parent: f2b90b4e825bc0f1d2204add64241724a71af4da (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/gui/painting/qcolor.cpp b/src/gui/painting/qcolor.cpp
index 05790c4504..e3dbf663e1 100644
--- a/src/gui/painting/qcolor.cpp
+++ b/src/gui/painting/qcolor.cpp
@@ -131,6 +131,7 @@ static bool get_hex_rgb(const QChar *str, int len, QRgb *rgb)
     char tmp[16];
     for (int i = 0; i < len; ++i)
         tmp[i] = str[i].toLatin1();
+    tmp[len] = 0;
     return get_hex_rgb(tmp, len, rgb);
 }
author	Marc Mutz <marc.mutz@kdab.com>	2016-10-05 00:10:23 +0200
committer	Marc Mutz <marc.mutz@kdab.com>	2016-10-05 06:22:51 +0000
commit	483aff406a8cd9bb824cbd39a0a20619fe9b1fa2 (patch)
tree	73ee337c18775f23d894b01e08ed93e9f18861f5 /src/gui
parent	f2b90b4e825bc0f1d2204add64241724a71af4da (diff)