Edward Welbourne c066656aff Avoid read-outside-array error by QStringRef over-reach
Constructing a QStringRef directly from the string, offset and a
length is UB if the offset + length exceeds the string's length.
Thanks to Robert Loehning and libFuzzer for finding this.
QString::midRef (as correctly used in both changed uses of QStringRef,
since 432d3b6962) takes care of that for us.  Changed one UB case and
a matching but correct case, for consistency.

In the process, deduplicate a QStringList look-up.
Added tests to exercise the code (but the one that exercises the
formerly UB case doesn't crash before the fix, so isn't very useful;
the invalid read is only outside the array it's scanning, not outside
allocated memory).

Change-Id: I7051bbbc0267dd7ec0a8f75eee2034d0b7eb75a2
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2019-02-08 13:56:25 +00:00
bin syncqt: Do not clean header directory before "-minimal" run 2018-11-22 14:16:53 +00:00
config.tests x86: Disable AVX support on 64-bit MinGW 2019-02-06 08:11:29 +00:00
dist Add changes file for Qt 5.12.1 2019-01-21 16:47:48 +00:00
doc Merge remote-tracking branch 'origin/5.12.1' into 5.12 2019-01-23 10:13:29 +01:00
examples Use requestUpdate instead of timer in a few GL examples 2019-01-22 21:25:39 +00:00
lib Purge all fonts 2015-08-18 19:59:14 +00:00
mkspecs Android: follow official android flags for cmake 2019-02-07 09:02:17 +00:00
qmake Make the Makefile a dependency of default targets for nmake 2019-02-04 08:10:25 +00:00
src Avoid read-outside-array error by QStringRef over-reach 2019-02-08 13:56:25 +00:00
tests Avoid read-outside-array error by QStringRef over-reach 2019-02-08 13:56:25 +00:00
util Clean up and update Unicode character data 3rd-party infrastructure 2018-11-11 22:09:27 +00:00
.gitattributes Update the git-archive export options 2012-09-07 15:39:31 +02:00
.gitignore Remove support for qml1 plugins and modules 2018-11-15 19:52:13 +00:00
.qmake.conf Bump version 2019-01-14 09:12:55 +02:00
.tag Update the git-archive export options 2012-09-07 15:39:31 +02:00
config_help.txt configure: improve warning when all qpa plugins disabled with features.gui 2019-01-07 07:27:35 +00:00
configure configure: Treat win32-clang-g++ the same as win32-g++ 2018-10-10 04:10:40 +00:00
configure.bat configure: Prefer cl.exe over clang-cl.exe 2018-01-04 21:22:42 +00:00
configure.json configure: enable inline tests to contain auxiliary files 2018-12-19 19:22:06 +00:00
configure.pri Make Android arch x86_64 to use platform-21 2019-01-08 11:47:02 +00:00
header.BSD Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.COMM Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.FDL Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.GPL Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.GPL-EXCEPT Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL3 Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL3-COMM Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL-NOGPL2 Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL-ONLY Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.MIT qsimd: add support for new x86 CPU features 2018-05-05 06:20:07 +00:00
INSTALL Doc: Update links in INSTALL file 2015-02-16 09:06:41 +00:00
LICENSE.FDL Initial import from the monolithic Qt. 2011-04-27 12:05:43 +02:00
LICENSE.GPL2 Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.GPL3 Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.GPL3-EXCEPT Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.LGPL3 Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.LGPLv3 Remove LICENSE.GPLv3, LICENSE.LGPLv21, LGPL_EXCEPTION.txt 2018-04-16 11:02:14 +00:00
LICENSE.QT-LICENSE-AGREEMENT-4.0 Replace commercial preview license with Qt License Agreement 4.0 2018-06-21 11:39:15 +00:00
qtbase.pro nuke configure -host-option 2016-12-13 18:55:59 +00:00
sync.profile Fix build failed with ANGLE 2018-10-16 05:19:43 +00:00