diff options
| author | Marc Mutz <marc.mutz@kdab.com> | 2020-05-08 22:46:44 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@kdab.com> | 2020-05-19 11:57:26 +0000 |
| commit | a5b2bfe2b34c5e40b8cefef37b130b9a9afa43c8 (patch) | |
| tree | ce703d506f6cae86b58c2b0bd491b1e4001d6a38 /src/corelib/text/qstring.cpp | |
| parent | af20abd874e2f24db60ba2093aa089a1d631b06d (diff) | |
| download | qtbase-a5b2bfe2b34c5e40b8cefef37b130b9a9afa43c8.tar.gz | |
QString: fix UB in insert()
Comparing with <, >, <= or >= such pointers as are not pointing into
the same array is UB. A clever compiler could look at the code,
determine that the only valid execution is for it to return true, and
just always take the copy.
While that would be benign, it's not guaranteed that this would be the
outcome (it's UB, after all), and, of course, we don't want to take
the performance hit if we don't need it.
Fix by using std::less, which guarantees a total ordering for all
pointers.
Change-Id: If07b9363b2ecd573f259e4fa972b629362061ce5
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
(cherry picked from commit c3b5efa250ee29413d348fea96e11b7e6f94e54f)
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/corelib/text/qstring.cpp')
| -rw-r--r-- | src/corelib/text/qstring.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp index 54a2f9cdd2..5263b8d41b 100644 --- a/src/corelib/text/qstring.cpp +++ b/src/corelib/text/qstring.cpp @@ -2592,7 +2592,8 @@ QString& QString::insert(int i, const QChar *unicode, int size) return *this; const ushort *s = (const ushort *)unicode; - if (s >= d->data() && s < d->data() + d->alloc) { + const std::less<const ushort*> less = {}; + if (!less(s, d->data()) && less(s, d->data() + d->alloc)) { // Part of me - take a copy ushort *tmp = static_cast<ushort *>(::malloc(size * sizeof(QChar))); Q_CHECK_PTR(tmp); |