From 75cdf654bcc192ba73a8834e507583a59140e7e4 Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Fri, 7 Apr 2017 13:12:05 -0700 Subject: QMap: fix UB (invalid cast) in QMapData::end() The end() pointer, like in all other containers, is a sentinel value that must never be dereferenced. But unlike array-based containers, end() in QMap is not "last element plus one", but points to a base class of Node, not a full Node. Therefore, the casting from QMapNodeBase to QMapNode must not be a static_cast, reinterpret_cast is required. libstdc++-v3's red-black tree had the exact same problem: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734 Change-Id: I43f05fedf0b44314a2dafffd14b33697861ae589 Reviewed-by: Marc Mutz --- src/corelib/tools/qmap.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/corelib/tools/qmap.h') diff --git a/src/corelib/tools/qmap.h b/src/corelib/tools/qmap.h index 3f4f034b4e..da77ba4458 100644 --- a/src/corelib/tools/qmap.h +++ b/src/corelib/tools/qmap.h @@ -209,8 +209,10 @@ struct QMapData : public QMapDataBase Node *root() const { return static_cast(header.left); } - const Node *end() const { return static_cast(&header); } - Node *end() { return static_cast(&header); } + // using reinterpret_cast because QMapDataBase::header is not + // actually a QMapNode. + const Node *end() const { return reinterpret_cast(&header); } + Node *end() { return reinterpret_cast(&header); } const Node *begin() const { if (root()) return static_cast(mostLeftNode); return end(); } Node *begin() { if (root()) return static_cast(mostLeftNode); return end(); } -- cgit v1.2.3