Fix possible heap-buffer-overflow in qt_string_normalize

When starting further into the string than index 0, do correct the
length too. This shows up in tst_qurl and tst_qurlinternal.

Kindly pointed out by ASAN:

==5513==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600002bf27 at pc 0x000100654de3 bp 0x7ffeefbfad10 sp 0x7ffeefbfad08
READ of size 16 at 0x60600002bf27 thread T0
    #0 0x100654de2 in QtNS::simdTestMask(char const*&, char const*, unsigned int) qstring.cpp:395
    #1 0x1005f9777 in QtNS::isAscii(QtNS::QChar const*&, QtNS::QChar const*) qstring.cpp:491
    #2 0x100638642 in QtNS::qt_string_normalize(QtNS::QString*, QtNS::QString::NormalizationForm, QtNS::QChar::UnicodeVersion, int) qstring.cpp:7999

Change-Id: I44ad65b47eb98c6085c77b56dc2da50ef5659d25
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Erik Verbruggen 2018-08-06 15:49:10 +02:00
parent 5c1c403edb
commit 4ec155053a


@ -7996,7 +7996,7 @@ QString QString::repeated(int times) const
void qt_string_normalize(QString *data, QString::NormalizationForm mode, QChar::UnicodeVersion version, int from)
{
const QChar *p = data->constData() + from;
if (isAscii(p, p + data->length()))
if (isAscii(p, p + data->length() - from))
return;
if (p > data->constData() + from)
from = p - data->constData() - 1; // need one before the non-ASCII to perform NFC
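Review bot: The corrected bound `p + data->length() - from` is right, but it restates the end-of-buffer pointer in terms of the already-offset `p`, which is exactly the shape that let the original `p + data->length()` overrun by `from` characters whenever `from > 0`. It would be clearer, and harder to get wrong again, to compute the end once from the unshifted base, e.g. `const QChar *end = data->constData() + data->length();` and then `if (isAscii(p, end))`, so the limit is visibly independent of the start offset. The fallback on the last line still relies on `isAscii` advancing `p` by reference and stopping at the first non-ASCII character; with the bound now ending at the real buffer end, the `- 1` cannot move `from` before the original start because of the `p > data->constData() + from` guard. Since the message says the overflow surfaced in tst_qurl and tst_qurlinternal, a dedicated unit test that calls the normalization path with a non-zero `from` on an all-ASCII tail would pin this down directly rather than relying on ASAN in the URL tests.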