AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix for integer overflow in QString::replace

Browse Source 
Task-number: QTBUG-22967

Change-Id: I604e6a725d46eab4c4369ebb54e8c9ea1350f492
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
This commit is contained in:
Christian Strømme 2012-09-24 12:38:44 +02:00 committed by The Qt Project
parent 394249616c
commit 403b15488b
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/corelib/tools/qstring.cpp
View File

@ -1752,6 +1752,10 @@ QString &QString::remove(QChar ch, Qt::CaseSensitivity cs)
Replaces \a n characters beginning at index \a position with Replaces \a n characters beginning at index \a position with
the string \a after and returns a reference to this string. the string \a after and returns a reference to this string.
\note If the specified \a position index is within the string,
but \a position + \a n goes outside the strings range,
then \a n will be adjusted to stop at the end of the string.
Example: Example:
\snippet qstring/main.cpp 40 \snippet qstring/main.cpp 40
@ -1775,7 +1779,7 @@ QString &QString::replace(int pos, int len, const QChar *unicode, int size)
{ {
if (pos < 0 || pos > d->size) if (pos < 0 || pos > d->size)
return *this; return *this;
if (pos + len > d->size) if (len > d->size - pos)
len = d->size - pos; len = d->size - pos;
uint index = pos; uint index = pos;

2
tests/auto/corelib/tools/qstring/tst_qstring.cpp
View File

@ -2230,8 +2230,6 @@ void tst_QString::replace_uint_uint()
QFETCH( int, len ); QFETCH( int, len );
QFETCH( QString, after ); QFETCH( QString, after );
QEXPECT_FAIL("overflow", "QTBUG-22967: integer overflow if (index + len) > INT_MAX", Abort);
QString s1 = string; QString s1 = string;
s1.replace( (uint) index, (int) len, after ); s1.replace( (uint) index, (int) len, after );
QTEST( s1, "result" ); QTEST( s1, "result" );