From 45485d9eb47d3129b8a74c2e9d854c07673161cd Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Thu, 16 Oct 2014 10:39:44 +0200 Subject: Fix undefined behavior in QLoggingRegistry::defaultCategoryFilter() Report by asan: READ of size 2 at 0x00000041dd40 thread T0 #0 0x2af097b84da6 in QLoggingRegistry::defaultCategoryFilter(QLoggingCategory*) (lib/libQt5Core.so.5+0x566da6) #1 0x2af097b8387b in QLoggingRegistry::registerCategory(QLoggingCategory*, QtMsgType) (lib/libQt5Core.so.5+0x56587b) #2 0x4067f7 in tst_QLogging::QLoggingCategory_categoryName() tests/auto/corelib/io/qloggingcategory/tst_qloggingcategory.cpp:238 0x00000041dd41 is located 0 bytes to the right of global variable '*.LC115' defined in 'tests/auto/corelib/io/qloggingcategory/tst_qloggingcategory.cpp' (0x41dd40) of size 1 '*.LC115' is ascii string '' At face value, memcmp("", "qt", 2) should not return 0, but since the code invokes undefined behavior, the compiler can do whatever it wants, including returning 0 here, further proving the fact that there are *no* benign cases of undefined behavior. Change-Id: I0c38622c47d1dcea450ea549370be1673b47b18d Reviewed-by: Kai Koehne Reviewed-by: Olivier Goffart
---
 src/corelib/io/qloggingregistry.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/corelib')
diff --git a/src/corelib/io/qloggingregistry.cpp b/src/corelib/io/qloggingregistry.cpp
index e9ee8d9458..8af1487834 100644
--- a/src/corelib/io/qloggingregistry.cpp
+++ b/src/corelib/io/qloggingregistry.cpp
@@ -398,9 +398,11 @@ void QLoggingRegistry::defaultCategoryFilter(QLoggingCategory *cat)
 // hard-wired implementation of
 // qt.*.debug=false
 // qt.debug=false
- char c;
- if (!memcmp(cat->categoryName(), "qt", 2) && (!(c = cat->categoryName()[2]) || c == '.'))
- debug = false;
+ if (const char *categoryName = cat->categoryName()) {
+ // == "qt" or startsWith("qt.")
+ if (strcmp(categoryName, "qt") == 0 || strncmp(categoryName, "qt.", 3) == 0)
+ debug = false;
+ }
 
 QString categoryName = QLatin1String(cat->categoryName());
 foreach (const QLoggingRule &item, reg->rules) {
-- cgit v1.2.3
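Review bot: The new null guard on `cat->categoryName()` stops at the closing brace of the added block, while the unchanged context line directly below hands the same pointer to `QLatin1String` without any check, so the hunk either guards a case that cannot occur or leaves it half-handled; whether QLatin1String tolerates a null pointer is not visible from here, and if it does not that line needs the same treatment. Fetching the name once keeps both uses consistent and avoids calling the accessor twice: `const char *name = cat->categoryName();`, `if (name && (strcmp(name, "qt") == 0 || strncmp(name, "qt.", 3) == 0)) debug = false;`, `QString categoryName = QLatin1String(name);`. Replacing `memcmp` with `strcmp`/`strncmp` is the right fix for the over-read, since both stop at the terminator and `strncmp` with length 3 cannot read past a shorter name. The body of defaultCategoryFilter() starts before and continues past this hunk.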