QString: fix UB (pointer arithmetic on nullptr) in qLastIndexOf

Says ubsan: qstring.cpp:10484:17: runtime error: applying non-zero offset 18446744073709551614 to null pointer If we search for a null needle, we stored 0-1 in a size_t variable and unconditionally appied that offset to the needle's data() pointer. That being the nullptr, ubsan complained. To fix, set sl_minus_1 to 0 if it would underflow. In that case, sl_minus_1, n, and h, are not used, anyway, so their values don't matter as long as we don't invoke UB. Pick-to: 6.3 6.2 5.15 Change-Id: Idca4e845c77838dfc84acdb68bbbc98382b5e1d5 Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io> Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2021-12-16 07:21:46 +01:00 · 2021-12-16 07:21:46 +01:00 · 6830bdc140
commit 6830bdc140
parent d1626ca6b0
1 changed files with 1 additions and 1 deletions
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@ -10480,7 +10480,7 @@ static qsizetype qLastIndexOf(Haystack haystack0, qsizetype from,
    const auto needle = needle0.data();
    const auto *end = haystack;
    haystack += from;
-    const std::size_t sl_minus_1 = sl - 1;
+    const std::size_t sl_minus_1 = sl ? sl - 1 : 0;
    const auto *n = needle + sl_minus_1;
    const auto *h = haystack + sl_minus_1;
    std::size_t hashNeedle = 0, hashHaystack = 0;