From 250190b39bed279ca075bf1f2b2aaf6839bb9be4 Mon Sep 17 00:00:00 2001
From: Marc Mutz
Date: Sun, 15 Sep 2013 18:51:36 +0200
Subject: [PATCH] QMap: don't dereference nullptr

root(), leftNode() and rightNode() can be nullptr. These pieces of code happened to work because the first thing lowerBound() does is

Node *n = this; // ... while (n) // ...

But that is _after_ dereferencing nullptr, which is undefined behavior. So, check first, then deref.

Change-Id: I9137bf6e21014cd68404a7e49a748910b1d768cf
Reviewed-by: Thiago Macieira
---
 src/corelib/tools/qmap.h | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/corelib/tools/qmap.h b/src/corelib/tools/qmap.h
index 29e8f9b140..0e32ade94d 100644
--- a/src/corelib/tools/qmap.h
+++ b/src/corelib/tools/qmap.h
@@ -288,9 +288,11 @@ void QMapData::deleteNode(QMapNode *z)
 template
 QMapNode *QMapData::findNode(const Key &akey) const
 {
- Node *lb = root()->lowerBound(akey);
- if (lb && !qMapLessThanKey(akey, lb->key))
- return lb;
+ if (Node *r = root()) {
+ Node *lb = r->lowerBound(akey);
+ if (lb && !qMapLessThanKey(akey, lb->key))
+ return lb;
+ }
 return 0;
 }
 
@@ -307,10 +309,10 @@ void QMapData::nodeRange(const Key &akey, QMapNode **firstNode,
 } else if (qMapLessThanKey(n->key, akey)) {
 n = n->rightNode();
 } else {
- *firstNode = n->leftNode()->lowerBound(akey);
+ *firstNode = n->leftNode() ? n->leftNode()->lowerBound(akey) : 0;
 if (!*firstNode)
 *firstNode = n;
- *lastNode = n->rightNode()->upperBound(akey);
+ *lastNode = n->rightNode() ? n->rightNode()->upperBound(akey) : 0;
 if (!*lastNode)
 *lastNode = l;
 return;
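Review bot: The new `if (Node *r = root())` guard in findNode() has no comment explaining why it exists, so a later cleanup could fold it back into `root()->lowerBound(akey)` on the grounds that lowerBound() tolerates a null start node. I would add `// root() may be null; calling a member through it is UB even though lowerBound() tests its own this` above the guard. Per the commit message lowerBound() begins with `Node *n = this; while (n)`, and an optimizer is allowed to assume `this` is non-null and drop that test, so the old form can become a real null dereference when root() is null. Any call site outside this patch that reaches lowerBound() or upperBound() through root(), leftNode() or rightNode() presumably needs the same check.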
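Review bot: In nodeRange() both rewritten lines call the accessor twice, once for the test and once for the dereference (`n->leftNode() ? n->leftNode()->lowerBound(akey) : 0`), whereas findNode() in the same patch binds the pointer once and tests that. Binding it makes the checked pointer and the dereferenced pointer visibly the same object and matches the first hunk: `Node *left = n->leftNode();` followed by `*firstNode = left ? left->lowerBound(akey) : 0;`, and likewise for rightNode()/upperBound(). nodeRange() starts and ends outside this hunk, so the loop condition that guards `n` itself is not visible here.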