From 469d68b344380c1a9ccef95bb784b39a436a7634 Mon Sep 17 00:00:00 2001 From: Sune Vuorela Date: Sun, 4 Sep 2016 14:59:37 +0200 Subject: Fix handling of bad compose table MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ASAN talk at QtCon was pointing out a out of bound read in a vector. Let's try to do something about it. If the lazy initialization of compose table fails, the first character handling still tries to actually access it. Later characters are properly handled in the caller. Reported-by: Hanno Böck Change-Id: Ieac3e95361abd0fcd06c555bcd00ca1c4d8f1931 Reviewed-by: Thiago Macieira --- .../compose/qcomposeplatforminputcontext.cpp | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'src/plugins/platforminputcontexts') diff --git a/src/plugins/platforminputcontexts/compose/qcomposeplatforminputcontext.cpp b/src/plugins/platforminputcontexts/compose/qcomposeplatforminputcontext.cpp index d1bea9af23..fb40480203 100644 --- a/src/plugins/platforminputcontexts/compose/qcomposeplatforminputcontext.cpp +++ b/src/plugins/platforminputcontexts/compose/qcomposeplatforminputcontext.cpp @@ -162,11 +162,19 @@ bool QComposeInputContext::checkComposeTable() TableGenerator reader; m_tableState = reader.tableState(); - if ((m_tableState & TableGenerator::NoErrors) == TableGenerator::NoErrors) - m_composeTable = reader.composeTable(); - m_compositionTableInitialized = true; + if ((m_tableState & TableGenerator::NoErrors) == TableGenerator::NoErrors) { + m_composeTable = reader.composeTable(); + } else { +#ifdef DEBUG_COMPOSING + qDebug( "### FAILED_PARSING ###" ); +#endif + // if we have errors, don' try to look things up anyways. + reset(); + return false; + } } + Q_ASSERT(!m_composeTable.isEmpty()); QVector::const_iterator it = std::lower_bound(m_composeTable.constBegin(), m_composeTable.constEnd(), m_composeBuffer, Compare()); -- cgit v1.2.3 From f1e87dc9bcc1f9d12183736dfa29a46df5930088 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Thu, 15 Sep 2016 15:25:01 +0200 Subject: QTableGenerator: Fix uninit'ed values It's probably benign, but it causes Corverity to complain, so always init all fields of QComposeCacheFileHeader. Format the code so it can easily be ported to uniform init later on. Coverity-Id: 93043 Change-Id: Ifa1ccc3fa58dc813306917f216772fd24d4930c9 Reviewed-by: Thiago Macieira --- .../compose/generator/qtablegenerator.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src/plugins/platforminputcontexts') diff --git a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp index 44f1d7e6ba..338c7ca3be 100644 --- a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp +++ b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp @@ -106,15 +106,15 @@ static QByteArray localHostName() */ static QComposeCacheFileHeader readFileMetadata(const QString &path) { - QComposeCacheFileHeader info; - info.reserved = 0; - info.fileSize = 0; + quint64 fileSize = 0; + qint64 lastModified = 0; const QByteArray pathBytes = QFile::encodeName(path); QT_STATBUF st; - if (QT_STAT(pathBytes.data(), &st) != 0) - return info; - info.lastModified = st.st_mtime; - info.fileSize = st.st_size; + if (QT_STAT(pathBytes.data(), &st) == 0) { + lastModified = st.st_mtime; + fileSize = st.st_size; + } + QComposeCacheFileHeader info = { 0, 0, fileSize, lastModified }; return info; } -- cgit v1.2.3