From 2dd90a27a82289a5088b929c3bd27c1fd05967f6 Mon Sep 17 00:00:00 2001
From: Olivier Goffart <olivier.goffart@nokia.com>
Date: Tue, 28 Jun 2011 11:21:00 +0200
Subject: Fix invalid read in QUrl::removeAllEncodedQueryItems

The remove will detach the string making the query pointer invalid.

Note: the "test3" case is commented out because it does not remove
the & at the end, and i do not want to enforce this behaviour in the
test

Task-number: QTBUG-20065
Change-Id: I195c5c3b468f46c797c7c4f8075303f2b1f4724c
Reviewed-on: http://codereview.qt.nokia.com/822
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
---
 src/corelib/io/qurl.cpp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src')

diff --git a/src/corelib/io/qurl.cpp b/src/corelib/io/qurl.cpp
index 881365678f..d5510095e7 100644
--- a/src/corelib/io/qurl.cpp
+++ b/src/corelib/io/qurl.cpp
@@ -5466,6 +5466,7 @@ void QUrl::removeAllEncodedQueryItems(const QByteArray &key)
             if (end < d->query.size())
                 ++end; // remove additional '%'
             d->query.remove(pos, end - pos);
+            query = d->query.constData(); //required if remove detach;
         } else {
             pos = end + 1;
         }
-- 
cgit v1.2.3