diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2013-09-14 18:09:10 +0200 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-09-14 23:41:06 +0200 |
commit | c8411a0281c5ebf830920bdce05160c8b0682248 (patch) | |
tree | 3006609142947e669525c546f6771f51399370d6 /tests/auto | |
parent | 95b62e5a71368fa7ff4552bea895c11559a706b1 (diff) |
tst_qurlinternal: fix a use of memcpy on overlapping memory
The old code smply copied 100 shorts from the pointer passed into the
ushortarray ctor, regardless of the actual bounds of the original array.
Fix by making the ctor take the array by deference, deducing the size
as a template parameter, and only copying that much.
Fixes asan trace:
==18660==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7fff3c56de00,0x7fff3c56dec8) and [0x7fff3c56dd60, 0x7fff3c56de28) overlap
#0 0x457161 in memcpy asan_interceptors.cc:330
#1 0x4c40fe in ushortarray::ushortarray(unsigned short*) qtbase/tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp:62
#2 0x4b0437 in ushortarray::ushortarray(unsigned short*) qtbase/tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp:63
#3 0x47b643 in tst_QUrlInternal::idna_testsuite_data() qtbase/tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp:119
...
Change-Id: Ie497bc8d337bc680a562482ca71ace535797ffb3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'tests/auto')
-rw-r--r-- | tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp b/tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp index 2014045171..4b74dd7906 100644 --- a/tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp +++ b/tests/auto/corelib/io/qurlinternal/tst_qurlinternal.cpp @@ -56,10 +56,11 @@ #define STRINGPREP_BIDI_LEADTRAIL_NOT_RAL 5 struct ushortarray { - ushortarray(unsigned short *array = 0) + ushortarray() {} + template <size_t N> + ushortarray(unsigned short (&array)[N]) { - if (array) - memcpy(points, array, sizeof(points)); + memcpy(points, array, N*sizeof(unsigned short)); } unsigned short points[100]; |