From c9df93bf2763b182cd4396b9224c9584af4dac00 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Mon, 4 May 2020 17:54:20 +0200 Subject: Explicitly prevent out-of-bounds access to tabPositions array Use DockCount enum value for the size of the array, and explicitly handle when toDockPos returns DockCount (which it might). Change-Id: Id52399607fb1ae74a24a050de7a8481264c03e47 Fixes: QTBUG-83983 Coverity-Id: 218539 Pick-to: 5.15 Reviewed-by: Marc Mutz --- src/widgets/widgets/qmainwindowlayout.cpp | 6 +++++- src/widgets/widgets/qmainwindowlayout_p.h | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/widgets/widgets/qmainwindowlayout.cpp b/src/widgets/widgets/qmainwindowlayout.cpp index 857ca31529..158521e13f 100644 --- a/src/widgets/widgets/qmainwindowlayout.cpp +++ b/src/widgets/widgets/qmainwindowlayout.cpp @@ -1580,7 +1580,11 @@ void QMainWindowLayout::setTabShape(QTabWidget::TabShape tabShape) QTabWidget::TabPosition QMainWindowLayout::tabPosition(Qt::DockWidgetArea area) const { - return tabPositions[toDockPos(area)]; + const auto dockPos = toDockPos(area); + if (dockPos < QInternal::DockCount) + return tabPositions[dockPos]; + qWarning("QMainWindowLayout::tabPosition called with out-of-bounds value '%d'", int(area)); + return QTabWidget::North; } void QMainWindowLayout::setTabPosition(Qt::DockWidgetAreas areas, QTabWidget::TabPosition tabPosition) diff --git a/src/widgets/widgets/qmainwindowlayout_p.h b/src/widgets/widgets/qmainwindowlayout_p.h index d4f0bd4517..ab95258e78 100644 --- a/src/widgets/widgets/qmainwindowlayout_p.h +++ b/src/widgets/widgets/qmainwindowlayout_p.h @@ -523,7 +523,7 @@ public: int sep; // separator extent #if QT_CONFIG(tabwidget) - QTabWidget::TabPosition tabPositions[4]; + QTabWidget::TabPosition tabPositions[QInternal::DockCount]; QTabWidget::TabShape _tabShape; QTabWidget::TabShape tabShape() const; -- cgit v1.2.3