diff options
author | Simon Hausmann <simon.hausmann@qt.io> | 2018-02-15 11:02:07 +0100 |
---|---|---|
committer | Simon Hausmann <simon.hausmann@qt.io> | 2018-02-15 13:34:50 +0000 |
commit | 2a80c04d3bbc45b5d1293a5141839c0b4719f772 (patch) | |
tree | 92ba3c83698caebad1621da1fe4156052f261eef /src/plugins/platforms/xcb | |
parent | b59181c42d61fb756c87978642ea5457a91051fb (diff) |
Fix crash when reading window titles with XCB
This is a regression introduced with commit
cb142954c54b7a6e391950d9209b5cea9252092b that changed the code from
using QString:fromUtf8(name, propertyLength) to QString::fromUtf8(name),
assuming that the property name is a zero-terminated string. That
however is not correct.
ASAN trace:
==4039==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400001e0b4 at pc 0x7f3383c7d66e bp 0x7ffdc8e3d9b0 sp 0x7ffdc8e3d158
READ of size 5 at 0x60400001e0b4 thread T0
#0 0x7f3383c7d66d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d)
#1 0x7f337602f32a in QString::fromUtf8(char const*, int) ../../../../include/QtCore/../../src/corelib/tools/qstring.h:569
#2 0x7f337602f32a in QXcbWindow::windowTitle(QXcbConnection const*, unsigned int) /home/simon/dev/qt-5.11/qtbase/src/plugins/platforms/xcb/qxcbwindow.cpp:2861
[...]
0x60400001e0b4 is located 0 bytes to the right of 36-byte region [0x60400001e090,0x60400001e0b4)
allocated by thread T1 (QXcbEventReader) here:
#0 0x7f3383d0ab50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
#1 0x7f337b397e2b (/usr/lib/x86_64-linux-gnu/libxcb.so.1+0xde2b)
Change-Id: Ia5024602d3aacb924b5dcd3956672da2a8f10feb
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Diffstat (limited to 'src/plugins/platforms/xcb')
-rw-r--r-- | src/plugins/platforms/xcb/qxcbwindow.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/platforms/xcb/qxcbwindow.cpp b/src/plugins/platforms/xcb/qxcbwindow.cpp index 61cfed4db7..e9a6e536a7 100644 --- a/src/plugins/platforms/xcb/qxcbwindow.cpp +++ b/src/plugins/platforms/xcb/qxcbwindow.cpp @@ -2857,7 +2857,7 @@ QString QXcbWindow::windowTitle(const QXcbConnection *conn, xcb_window_t window) utf8Atom, 0, 1024); if (reply && reply->format == 8 && reply->type == utf8Atom) { const char *name = reinterpret_cast<const char *>(xcb_get_property_value(reply.get())); - return QString::fromUtf8(name); + return QString::fromUtf8(name, xcb_get_property_value_length(reply.get())); } return QString(); } |