From bcb68461c9b0b3e074e63fe92458b650b1933ef0 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@kdab.com>
Date: Sun, 15 Sep 2013 18:51:36 +0200
Subject: QMap: don't dereference nullptr II

root(), leftNode() and rightNode() can be nullptr.
These pieces of code happened to work because the first thing lowerBound()
does is

   Node *n = this;
   // ...
   while (n)
     // ...

But that is _after_ dereferencing nullptr, which is undefined behavior.

So, check first, then deref.

This is the completion of I9137bf6e21014cd68404a7e49a748910b1d768cf:
all uses of root(), leftNode() and rightNode() have now been manually checked.

Change-Id: I3fcb958af9362104f94d6eea9c62da2ae07f1d5e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/tools/qmap.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/corelib/tools/qmap.h b/src/corelib/tools/qmap.h
index 0e32ade94d..db0cd6a2d6 100644
--- a/src/corelib/tools/qmap.h
+++ b/src/corelib/tools/qmap.h
@@ -1054,7 +1054,7 @@ Q_OUTOFLINE_TEMPLATE QList<T> QMap<Key, T>::values(const Key &akey) const
 template <class Key, class T>
 Q_INLINE_TEMPLATE typename QMap<Key, T>::const_iterator QMap<Key, T>::lowerBound(const Key &akey) const
 {
-    Node *lb = d->root()->lowerBound(akey);
+    Node *lb = d->root() ? d->root()->lowerBound(akey) : 0;
     if (!lb)
         lb = d->end();
     return const_iterator(lb);
@@ -1064,7 +1064,7 @@ template <class Key, class T>
 Q_INLINE_TEMPLATE typename QMap<Key, T>::iterator QMap<Key, T>::lowerBound(const Key &akey)
 {
     detach();
-    Node *lb = d->root()->lowerBound(akey);
+    Node *lb = d->root() ? d->root()->lowerBound(akey) : 0;
     if (!lb)
         lb = d->end();
     return iterator(lb);
@@ -1074,7 +1074,7 @@ template <class Key, class T>
 Q_INLINE_TEMPLATE typename QMap<Key, T>::const_iterator
 QMap<Key, T>::upperBound(const Key &akey) const
 {
-    Node *ub = d->root()->upperBound(akey);
+    Node *ub = d->root() ? d->root()->upperBound(akey) : 0;
     if (!ub)
         ub = d->end();
     return const_iterator(ub);
@@ -1084,7 +1084,7 @@ template <class Key, class T>
 Q_INLINE_TEMPLATE typename QMap<Key, T>::iterator QMap<Key, T>::upperBound(const Key &akey)
 {
     detach();
-    Node *ub = d->root()->upperBound(akey);
+    Node *ub = d->root() ? d->root()->upperBound(akey) : 0;
     if (!ub)
         ub = d->end();
     return iterator(ub);
-- 
cgit v1.2.3