From fbee9834dc0fa1838a38e552eddd941af1ef39ac Mon Sep 17 00:00:00 2001
From: Chris Adams
Date: Thu, 31 May 2012 14:00:48 +1000
Subject: [PATCH] Fix crash in QStringBuilder when concatenating data-less QLatin1String

Previously, the append functions in QConcatenable in the QStringBuilder dereferenced the data() pointer of the argument QLatin1String without performing null check.

Change-Id: I629f19fbce3113f1f80f4272fa7ae34e1dbc6bee
Reviewed-by: Olivier Goffart
---
 src/corelib/tools/qstringbuilder.h | 12 ++++++++----
 .../qstringbuilder/qstringbuilder1/stringbuilder.cpp | 7 +++++++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/corelib/tools/qstringbuilder.h b/src/corelib/tools/qstringbuilder.h
index 1f13d0da80..b3d47d2250 100644
--- a/src/corelib/tools/qstringbuilder.h
+++ b/src/corelib/tools/qstringbuilder.h
@@ -230,13 +230,17 @@ template <> struct QConcatenable
 static int size(const QLatin1String a) { return a.size(); }
 static inline void appendTo(const QLatin1String a, QChar *&out)
 {
- for (const char *s = a.data(); *s; )
- *out++ = QLatin1Char(*s++);
+ if (a.data()) {
+ for (const char *s = a.data(); *s; )
+ *out++ = QLatin1Char(*s++);
+ }
 }
 static inline void appendTo(const QLatin1String a, char *&out)
 {
- for (const char *s = a.data(); *s; )
- *out++ = *s++;
+ if (a.data()) {
+ for (const char *s = a.data(); *s; )
+ *out++ = *s++;
+ }
 }
 };

diff --git a/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp b/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp
index 8955da97fa..c473017d36 100644
--- a/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp
+++ b/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp
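Review bot: Both `appendTo` overloads in the qstringbuilder.h hunk still copy up to the first NUL byte while `size()` reports `a.size()`, so the new `if (a.data())` guard removes the null dereference but leaves the copied length and the reserved length computed in two different ways. If a QLatin1String can carry an explicit length (not visible in this hunk), a view over data that is not NUL-terminated, or that contains an embedded NUL, would make the loop write a different number of characters than the caller sized `out` for. Bounding the loop by the size inside the guard, `for (const char *s = a.data(), *end = s + a.size(); s != end; )`, keeps the two in agreement; the same change applies to the `char *&out` overload. The enclosing QConcatenable specialization starts above the hunk.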
@@ -211,6 +211,13 @@ void runScenario()
 str = (QString::fromUtf8(UTF8_LITERAL) += QLatin1String(LITERAL) P UTF8_LITERAL);
 QCOMPARE(str, QString::fromUtf8(UTF8_LITERAL LITERAL UTF8_LITERAL));
 #endif
+
+ QString str2 = QString::fromUtf8(UTF8_LITERAL);
+ QString str2_e = QString::fromUtf8(UTF8_LITERAL);
+ const char * nullData = 0;
+ str2 += QLatin1String(nullData) P str2;
+ str2_e += QLatin1String("") P str2_e;
+ QCOMPARE(str2, str2_e);
 }

 //operator QByteArray +=
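Review bot: The added case covers only the `QChar *&out` overload, because `str2 += QLatin1String(nullData) P str2;` builds a QString; the `char *&out` overload that the same commit guards in qstringbuilder.h gets no null-data regression test. Assuming the `//operator QByteArray +=` section that follows can concatenate a QLatin1String, a parallel case there would cover it, for example (names constructed for illustration) `ba2 += QLatin1String(nullData) P ba2;` checked against the result of `ba2_e += QLatin1String("") P ba2_e;`. A one-line comment above the new block, such as `// a QLatin1String with null data() must behave like an empty one`, would also record why the case exists. runScenario() starts above this hunk and appears to continue below it.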