| author | Thiago Macieira <thiago.macieira@intel.com> | 2024-06-15 09:17:25 -0700 |
|---|---|---|
| committer | Thiago Macieira <thiago.macieira@intel.com> | 2024-06-17 12:06:16 -0700 |
| commit | 8ac57ff6bc778519bb1edc4036ce79ab8f688e27 (patch) | |
| tree | 77519f5a7cabbaa3c3c22c135329e9f9cf492674 /src/corelib/tools/qbitarray.cpp | |
| parent | 34089abeeac14a6437851530aa25f8b31a22acf1 (diff) | |
QBitArray: fix read of uninitialized terminating null

Commit 54c373faa4f9582fd09a802727821fd544a7b2c5 updated the bitwise
operations to be more efficient, bypassing QByteArray and going straight
to QByteArrayData (a.k.a. QArrayDataPointer<char>). This meant we also
bypassed the initialization of the null terminator.

This wasn't caught in our unit testing and with some runtimes because
the memory we allocated happened to be zero or contain the information
we wanted. But with Visual Studio, the debug-mode runtime initializes
all newly allocated memory with pattern 0xcd, which showed up as a
problem.

[ChangeLog][QtCore][QBitArray] Fixed a regression introduced in 6.7.0
that could cause QBitArray to report wrong bit counts after a bitwise
operation.

Pick-to: 6.7 6.8
Fixes: QTBUG-126343
Change-Id: Icdc467f26dea4b05ad90fffd17d939c3b416adca
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Diffstat (limited to 'src/corelib/tools/qbitarray.cpp')
| -rw-r--r-- | src/corelib/tools/qbitarray.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/corelib/tools/qbitarray.cpp b/src/corelib/tools/qbitarray.cpp index e4276d383d1..d5643df0250 100644 --- a/src/corelib/tools/qbitarray.cpp +++ b/src/corelib/tools/qbitarray.cpp @@ -531,12 +531,17 @@ static QBitArray sizedForOverwrite(const QBitArray &a1, const QBitArray &a2) QByteArrayData bytes(n, n); // initialize the count of bits in the last byte (see construction note) - if (n1 > n2) + // and the QByteArray null termination (some of our algorithms read it) + if (n1 > n2) { *bytes.ptr = *d1.ptr; - else if (n2 > n1) + bytes.ptr[n1] = 0; + } else if (n2 > n1) { *bytes.ptr = *d2.ptr; - else if (n1) // n1 == n2 + bytes.ptr[n2] = 0; + } else if (n1) { // n1 == n2 *bytes.ptr = qMin(*d1.ptr, *d2.ptr); + bytes.ptr[n1] = 0; + } result.data_ptr() = std::move(bytes); return result; |
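Review bot: the three branches of the if chain in sizedForOverwrite() each repeat the same terminator store (`bytes.ptr[n1] = 0` or `bytes.ptr[n2] = 0`), always at the index of the larger size. If `n` is that larger size (its definition is outside the visible lines), a single `if (n) bytes.ptr[n] = 0;` after the chain would remove the duplication and make it harder for a later edit to add a branch that forgets the store. The store lands one element past the `n` requested in `QByteArrayData bytes(n, n)`, and nothing in the hunk shows that the allocation reserves that slot, so a short comment stating that it does would help the next reader. The `n1 == n2 == 0` case still runs no branch and writes neither the count byte nor the terminator. A comment saying why the empty result needs neither would close the question this fix raises.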
