author | Marc Mutz <marc.mutz@qt.io> | 2022-02-20 16:51:21 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@qt.io> | 2022-02-23 15:07:46 +0100 |
commit | 45370ab793704de5fc3f5a97a5be64812f455b9f (patch) | |
tree | b7b0569f6ff15efd4d2961d6acb5b1547b9e76ce /src | |
parent | aef17b34b38a833517abb9b18013d535d1408df4 (diff) |
QStringConverter: fix move special member functions of State class

By copying 'd' instead of the (larger, on 32-bit platforms),
state_data variadic member, we may corrupt the state (by copying only
half the state).

Fix by copying state_data instead, which is guaranteed to be the
larger of the two.

The move-assignment operator must be self-assignment-safe in the
moved-from state (Hinnant Criterion), so we need to use memmove(), not
memcpy().

[ChangeLog][QtCore][QStringEncoder/Decoder] Fixed a potential data
corruption in the move constructor and move-assignment operator on
32-bit platforms.

Change-Id: I7bbc475a6eecec618a011b23814cada35ce61d10
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 87c6e340a9cd64b0cfd2c77a68bf4fec84d3dd1a)
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/corelib/text/qstringconverter.h | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/corelib/text/qstringconverter.h b/src/corelib/text/qstringconverter.h index 829b19d568..42c4236735 100644 --- a/src/corelib/text/qstringconverter.h +++ b/src/corelib/text/qstringconverter.h @@ -47,6 +47,8 @@ #include <optional> +#include <cstring> + QT_BEGIN_NAMESPACE // work around a compiler bug in GCC 7 @@ -76,7 +78,8 @@ public: : flags(other.flags), remainingChars(other.remainingChars), invalidChars(other.invalidChars), - d{other.d[0], other.d[1]}, + state_data{other.state_data[0], other.state_data[1], + other.state_data[2], other.state_data[3]}, clearFn(other.clearFn) { other.clearFn = nullptr; } State &operator=(State &&other) @@ -85,8 +88,7 @@ public: flags = other.flags; remainingChars = other.remainingChars; invalidChars = other.invalidChars; - d[0] = other.d[0]; - d[1] = other.d[1]; + std::memmove(state_data, other.state_data, sizeof state_data); // self-assignment-safe clearFn = other.clearFn; other.clearFn = nullptr; return *this; |
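Review bot: In the move constructor (hunk at -76,7), the initializer `state_data{other.state_data[0], other.state_data[1], other.state_data[2], other.state_data[3]}` hard-codes four elements, so the copy silently becomes partial again if the array's extent ever changes, which is the same class of bug this commit fixes. Consider a `static_assert` next to the declaration that pins the element count to 4 and checks `sizeof state_data >= sizeof d`, so that the "guaranteed to be the larger of the two" assumption from the commit message is enforced at compile time rather than by convention.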
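Review bot: In `State &operator=(State &&other)` (hunk at -85,8), the trailing comment `// self-assignment-safe` on the `std::memmove` line promises more than the surrounding lines deliver: the following `clearFn = other.clearFn; other.clearFn = nullptr;` leaves `clearFn` null when `this == &other`, which is only harmless for an object that is already moved-from. Suggest wording the comment as "self-assignment-safe in the moved-from state" to match the commit message, or guarding the body with a `this != &other` check if full self-assignment safety is intended.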