author | Lorenz Haas <lorenz.haas@histomatics.de> | 2017-02-28 17:12:52 +0100 |
---|---|---|
committer | Lorenz Haas <lorenz.haas@histomatics.de> | 2017-03-02 16:08:24 +0000 |
commit | 7bfe093ae5a904c375ae7b2635e681ff319c80af (patch) | |
tree | 4eb3cd8e523fc10cde018d31b4ab95a3a64b1ef5 /src | |
parent | 4428763001c9f886585903fe638d3bf6cfae99d0 (diff) |
Fix possible use after free error in SQLite REGEXP
If the cache insertion fails, regexp is deleted and
"subject.contains(*regexp);" is UB.
Coverity-Id: 176868
Change-Id: Ibf9340e019f09fdb8b2a82de8877cdfb2ffe1372
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp b/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
index 56eceeecbd..b42fd74b3e 100644
--- a/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
+++ b/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
@@ -574,14 +574,17 @@ static void _q_regexp(sqlite3_context* context, int argc, sqlite3_value** argv)
 reinterpret_cast<const char*>(sqlite3_value_text(argv[1])));
 auto cache = static_cast<QCache<QString, QRegularExpression>*>(sqlite3_user_data(context));
- QRegularExpression *regexp = cache->object(pattern);
- if (!regexp) {
- regexp = new QRegularExpression(pattern, QRegularExpression::DontCaptureOption
- | QRegularExpression::OptimizeOnFirstUsageOption);
- cache->insert(pattern, regexp);
- }
+ auto regexp = cache->object(pattern);
+ const bool wasCached = regexp;
+
+ if (!wasCached)
+ regexp = new QRegularExpression(pattern, QRegularExpression::DontCaptureOption | QRegularExpression::OptimizeOnFirstUsageOption);
+
 const bool found = subject.contains(*regexp);
+ if (!wasCached)
+ cache->insert(pattern, regexp);
+
 sqlite3_result_int(context, int(found));
 } |
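Review bot: Nothing in the new code records that the statement order is what prevents the use after free: once `cache->insert(pattern, regexp)` has run, the local `regexp` still points at an object the cache owns and may already have deleted, so a later edit that reads it again below that call would reintroduce the bug. I would add a comment above the second `if (!wasCached)`, for example `// QCache::insert() takes ownership and may delete regexp immediately; do not dereference it after this point`. Writing `auto *regexp` and `const bool wasCached = regexp != nullptr;` would also make it visible at a glance that a raw pointer with changing ownership is being handled. _q_regexp begins above the hunk, so the argument handling there is not covered by this note.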