diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2021-08-25 16:18:04 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2021-08-26 18:16:41 +0200 |
commit | b3c0537404a96972199957b60bc19caf894fb42f (patch) | |
tree | a03a05a6aabada6d366a26bd4da0ecf01ca9f6e9 /src | |
parent | 0755eba5e8129ea536370c927ad9b0d034950a69 (diff) |
QNetworkCookie: Fix use-after-free
The code was previously calling indexOf() on a temporary, which
QRegularExpression would create backing storage for.
After 11d1dcc6e263c5059f34b44d531c9ccdf7c0b1d6 the internals were made
to use the QStringView path, which inadvertently meant that there was
no storage for the temporary string anymore. So we need to keep it alive
ourselves.
Change-Id: I542da7010934594eba3b93261322963866ed9297
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/access/qnetworkcookie.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp index 13fc147c15..8dbb36829d 100644 --- a/src/network/access/qnetworkcookie.cpp +++ b/src/network/access/qnetworkcookie.cpp @@ -744,9 +744,10 @@ static QDateTime parseDateString(const QByteArray &dateString) && (dateString[at + 2] == ':' || dateString[at + 1] == ':')) { // While the date can be found all over the string the format // for the time is set and a nice regexp can be used. - QRegularExpressionMatch match; - int pos = QString::fromLatin1(dateString).indexOf(timeRx, at, &match); - if (pos != -1) { + // This string needs to stay for as long as the QRegularExpressionMatch is used, + // or else we get use-after-free issues: + QString dateToString = QString::fromLatin1(dateString); + if (auto match = timeRx.match(dateToString, at); match.hasMatch()) { QStringList list = match.capturedTexts(); int h = match.captured(1).toInt(); int m = match.captured(2).toInt(); |