From 856fb1ab44722f5165fb6b5dec0bd748006acd10 Mon Sep 17 00:00:00 2001 From: Gatis Paeglis Date: Tue, 5 Mar 2019 10:49:10 +0100 Subject: [PATCH] xcb: check for nullptr when reading AT_SPI_BUS property We always have to check the return value of xcb_get_property(), but this code did not do it. These xcb functions do not check for validity of the pointer, so we have to make sure that we pass-in something valid: void * xcb_get_property_value (const xcb_get_property_reply_t *R) { return (void *) (R + 1); } int xcb_get_property_value_length (const xcb_get_property_reply_t *R) { return (R->value_len * (R->format / 8)); } Fixes: QTBUG-74067 Change-Id: Iabbc81e6079d96c7314d16dd78783de07f9ad629 Reviewed-by: Mikhail Svetkin Reviewed-by: Frederik Gladhorn --- src/plugins/platforms/xcb/qxcbnativeinterface.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/plugins/platforms/xcb/qxcbnativeinterface.cpp b/src/plugins/platforms/xcb/qxcbnativeinterface.cpp index 524af5a2a7..6f3584f509 100644 --- a/src/plugins/platforms/xcb/qxcbnativeinterface.cpp +++ b/src/plugins/platforms/xcb/qxcbnativeinterface.cpp @@ -412,12 +412,15 @@ void *QXcbNativeInterface::atspiBus() auto reply = Q_XCB_REPLY(xcb_get_property, defaultConnection->xcb_connection(), false, defaultConnection->rootWindow(), atspiBusAtom, XCB_ATOM_STRING, 0, 128); - Q_ASSERT(!reply->bytes_after); + if (!reply) + return nullptr; + char *data = (char *)xcb_get_property_value(reply.get()); int length = xcb_get_property_value_length(reply.get()); return new QByteArray(data, length); } - return 0; + + return nullptr; } void QXcbNativeInterface::setAppTime(QScreen* screen, xcb_timestamp_t time)