From 524f39db899d68e0ef90184a268eb75ad4ac216e Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Mon, 20 Mar 2017 17:54:55 -0700 Subject: gtk3: Fix use of dangling pointers QString::toUtf8() returns QByteArray, which got implicitly converted to C strings and promptly deleted. Instead, return the QByteArray to the caller. Found by ASAN: ==13935==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060000dffb8 at pc 0x7f764f27320b bp 0x7ffd49b11bb0 sp 0x7ffd49b11358 READ of size 7 at 0x6060000dffb8 thread T0 #1 0x7f7649d174e2 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x684e2) #2 0x7f763f7abe5b (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x39e5b) #3 0x7f763f78915a in g_object_new_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x1715a) #4 0x7f763f789520 in g_object_new (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x17520) #5 0x7f7640f6bcb0 in gtk_dialog_add_button (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x186cb0) #6 0x7f7640f8d2c9 in gtk_file_chooser_dialog_new (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1a82c9) #7 0x7f7641727281 (/opt/Qt5.8.0/5.8/gcc_64/plugins/platformthemes/libqgtk3.so+0x13281) Task-number: QTBUG-59611 Change-Id: I37cc967e689f4523b504fffd14adbf944b53b754 Reviewed-by: J-P Nurmi --- src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/plugins/platformthemes') diff --git a/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp b/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp index 699b058932..8b6ec31400 100644 --- a/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp +++ b/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp @@ -57,7 +57,7 @@ QT_BEGIN_NAMESPACE -static const char *standardButtonText(int button) +static QByteArray standardButtonText(int button) { return QGtk3Theme::defaultStandardButtonText(button).toUtf8(); } -- cgit v1.2.3