AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
96e1381a0a
qt5base-lts/tests
History
Fabian Kosmale 96e1381a0a QBindable: Fix out-of-bound access in non-bindable property support code 
QObjectPrivate::getPropertyAdaptorSlotObject called
connectionsForSignal.
Calling this function is only safe after it has been ensured beforehand that the vector has size > signalIndex. As getPropertyAdaptorSlotObject
is not supposed to modify the vector, it does not resize the vector and it could consequently end up with an out-of-bounds read.

To avoid that issue, we instead first check if the vector can
potentially contain an entry for the signal. If not, we simply return
nullptr, and avoid the call to connectionsForSignal.

The issue and its fix can be verified by running the modified
tst_qproperty test with ASAN enabled. The test is modified in the
following way:
- We first create a signal connection to a dummy slot. Otherwise,
  connections.loadRelaxed() would return a nullptr, and the problematic
  code would never be reached.
- We add enough signals to ensure that the fooChanged signal will
  actually be out of reach (which means >= 8 signals, as the initial
  capacity of the vector is 8)
Running the test without ASAN will most likely not result in a failure,
as then the out-of-bounds read will simply read garbage, and the most
likely result is that the cast below will fail.

Pick-to: 6.6 6.5
Change-Id: I18a3c4f52769c2b6491a685abb84f6fcfb44e4d8
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
2023-06-20 05:55:52 +00:00
..
auto QBindable: Fix out-of-bound access in non-bindable property support code 2023-06-20 05:55:52 +00:00
baseline Baseline tests: wait longer before taking a screen snapshot 2023-04-20 15:17:25 +02:00
benchmarks Fix warning, remove unused variable 2023-05-22 16:45:27 +02:00
global
libfuzzer Change the license of all CMakeLists.txt and *.cmake files to BSD 2022-08-23 23:58:42 +02:00
manual wasm: Document (and rename) config.qt.module 2023-06-20 07:38:41 +02:00
shared Inline the resetSystemLocale function 2023-01-12 19:54:13 +01:00
testserver Use SPDX license identifiers 2022-05-16 16:37:38 +02:00
CMakeLists.txt Rid of 'special case' markers 2023-04-13 18:30:58 +02:00
README

README 

This directory contains autotests and benchmarks based on Qt Test. In order
to run the autotests reliably, you need to configure a desktop to match the
test environment that these tests are written for.

Linux X11:

   * The user must be logged in to an active desktop; you can't run the
     autotests without a valid DISPLAY that allows X11 connections.

   * The tests are run against a KDE3 or KDE4 desktop.

   * Window manager uses "click to focus", and not "focus follows mouse". Many
     tests move the mouse cursor around and expect this to not affect focus
     and activation.

   * Disable "click to activate", i.e., when a window is opened, the window
     manager should automatically activate it (give it input focus) and not
     wait for the user to click the window.