author | Edward Welbourne <edward.welbourne@qt.io> | 2019-02-07 17:04:49 +0100 |
---|---|---|
committer | Edward Welbourne <edward.welbourne@qt.io> | 2019-02-08 13:56:25 +0000 |
commit | c066656aff4841f9095e77754fa7533f7bbbb66a (patch) | |
tree | 6a77a0c39aa28b81fb901db5296eed145ea66078 /src/gui | |
parent | b611eb81c822ed2bcd3107ba098b56952ae0685c (diff) |

Avoid read-outside-array error by QStringRef over-reach

Constructing a QStringRef directly from the string, offset and a
length is UB if the offset + length exceeds the string's length.
Thanks to Robert Loehning and libFuzzer for finding this.

QString::midRef (as correctly used in both changed uses of QStringRef,
since 432d3b69629) takes care of that for us. Changed one UB case and
a matching but correct case, for consistency.

In the process, deduplicate a QStringList look-up.

Added tests to exercise the code (but the one that exercises the
formerly UB case doesn't crash before the fix, so isn't very useful;
the invalid read is only outside the array it's scanning, not outside
allocated memory).

Change-Id: I7051bbbc0267dd7ec0a8f75eee2034d0b7eb75a2
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

Diffstat (limited to 'src/gui')
0 files changed, 0 insertions, 0 deletions
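
The difference between the unchecked (string, offset, length) construction and a clamping accessor, as an added example that is not part of the commit or of Qt. `StrRef`, `rawRef`, `midRef` and `refInBounds` are hypothetical stand-ins built on `std::string`; the null-reference result for an offset past the end is an assumption about the clamping behaviour, which the commit message does not spell out.

```cpp
#include <cstddef>
#include <string>

// Constructed stand-in for a (string, position, length) reference.
// This is not Qt's QStringRef; it only models the same three fields.
struct StrRef {
    const std::string *str;
    std::size_t pos;
    std::size_t len;
};

// True when [pos, pos + len) lies inside s. Written as a subtraction so a
// huge len cannot make pos + len wrap around and pass the check.
bool refInBounds(const std::string &s, std::size_t pos, std::size_t len)
{
    return pos <= s.size() && len <= s.size() - pos;
}

// Unchecked construction: the pattern the commit message calls UB when
// offset + length exceeds the string's length. Nothing is validated here.
StrRef rawRef(const std::string &s, std::size_t pos, std::size_t len)
{
    return StrRef{&s, pos, len};
}

// Clamping construction (assumed semantics): an offset past the end yields
// a null reference, and an over-long length is cut to what remains.
StrRef midRef(const std::string &s, std::size_t pos, std::size_t len)
{
    if (pos > s.size())
        return StrRef{nullptr, 0, 0};
    const std::size_t avail = s.size() - pos;  // cannot underflow here
    return StrRef{&s, pos, len < avail ? len : avail};
}

int main()
{
    const std::string s = "abcdef";            // constructed sample input
    const StrRef raw = rawRef(s, 4, 10);       // claims 10 chars, 2 exist
    const StrRef mid = midRef(s, 4, 10);       // clamped to the 2 that exist
    const bool ok = !refInBounds(s, raw.pos, raw.len)
                 && refInBounds(s, mid.pos, mid.len);
    return ok ? 0 : 1;
}
```

As the commit message notes for the real bug, an over-reaching reference may stay inside allocated memory and not crash, so a check like `refInBounds` or a sanitizer build catches it where a plain test run does not.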