From c3b5efa250ee29413d348fea96e11b7e6f94e54f Mon Sep 17 00:00:00 2001
From: Marc Mutz
Date: Fri, 8 May 2020 22:46:44 +0200
Subject: QString: fix UB in insert()
Comparing with <, >, <= or >= such pointers as are not pointing into the same array is UB. A clever compiler could look at the code, determine that the only valid execution is for it to return true, and just always take the copy. While that would be benign, it's not guaranteed that this would be the outcome (it's UB, after all), and, of course, we don't want to take the performance hit if we don't need it. Fix by using std::less, which guarantees a total ordering for all pointers.
Pick-to: 5.15
Change-Id: If07b9363b2ecd573f259e4fa972b629362061ce5
Reviewed-by: Ville Voutilainen
---
src/corelib/text/qstring.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp
index 348276810b..fea5fb00df 100644
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@@ -2570,7 +2570,8 @@ QString& QString::insert(int i, const QChar *unicode, int size)
 return *this;
 const ushort *s = (const ushort *)unicode;
- if (s >= d.data() && s < d.data() + d.size) {
+ const std::less less;
+ if (!less(s, d.data()) && less(s, d.data() + d.size)) {
 // Part of me - take a copy
 ushort *tmp = static_cast(::malloc(size * sizeof(QChar)));
 Q_CHECK_PTR(tmp);
--
cgit v1.2.3
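Review bot: The new `less(...)` test has no comment explaining why it avoids the built-in relational operators, so a later cleanup could fold it back into `s >= d.data() && s < d.data() + d.size` and reintroduce the problem this commit removes. I would add above the declaration `// std::less: total order even when s does not point into d's buffer; do not replace with </>=`. This check decides whether the caller's pointer aliases the string's own storage before the temporary copy is taken, so it is worth protecting; the rest of insert(), including whatever resizes the buffer, lies outside the hunk. As rendered here `std::less less;` has no template argument (the `static_cast(` two lines below looks similarly stripped), so confirm the real line names the pointer type rather than relying on deduction.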