Blame SOURCES/0017-QQmlJs-FixedPoolArray-fix-UB-precondition-violation-.patch
|
 |
77f9a9 |
From c6e595e7fbbe80c8db7ae33d8af05a4fd946a2f5 Mon Sep 17 00:00:00 2001
|
|
|
77f9a9 |
From: Marc Mutz <marc.mutz@qt.io>
|
|
|
77f9a9 |
Date: Tue, 21 Dec 2021 09:20:17 +0100
|
|
|
77f9a9 |
Subject: [PATCH 17/20] QQmlJs::FixedPoolArray: fix UB (precondition violation)
|
|
|
77f9a9 |
in allocate()
|
|
|
77f9a9 |
|
|
|
77f9a9 |
Says ubsan:
|
|
|
77f9a9 |
|
|
|
77f9a9 |
qqmljsfixedpoolarray_p.h:90:19: runtime error: null pointer passed as argument 2, which is declared to never be null
|
|
|
77f9a9 |
|
|
|
77f9a9 |
Fix, like in so many other places, by a size check.
|
|
|
77f9a9 |
|
|
|
77f9a9 |
Pick-to: 6.3 6.2 5.15
|
|
|
77f9a9 |
Change-Id: I9181d6ecb467c2dc726978ce7f93b35a6bf2f944
|
|
|
77f9a9 |
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
77f9a9 |
(cherry picked from commit d74e931f3fc2587ac6d1e2930acbbe54ea5be2b5)
|
|
|
77f9a9 |
---
|
|
|
77f9a9 |
src/qml/common/qqmljsfixedpoolarray_p.h | 2 +-
|
|
|
77f9a9 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
77f9a9 |
|
|
|
77f9a9 |
diff --git a/src/qml/common/qqmljsfixedpoolarray_p.h b/src/qml/common/qqmljsfixedpoolarray_p.h
|
|
|
77f9a9 |
index b65b994d6c..15a8cd6878 100644
|
|
|
77f9a9 |
--- a/src/qml/common/qqmljsfixedpoolarray_p.h
|
|
|
77f9a9 |
+++ b/src/qml/common/qqmljsfixedpoolarray_p.h
|
|
|
77f9a9 |
@@ -86,7 +86,7 @@ public:
|
|
|
77f9a9 |
if (QTypeInfo<T>::isComplex) {
|
|
|
77f9a9 |
for (int i = 0; i < count; ++i)
|
|
|
77f9a9 |
new (data + i) T(vector.at(i));
|
|
|
77f9a9 |
- } else {
|
|
|
77f9a9 |
+ } else if (count) {
|
|
|
77f9a9 |
memcpy(data, static_cast<const void*>(vector.constData()), count * sizeof(T));
|
|
|
77f9a9 |
}
|
|
|
77f9a9 |
}
|
|
|
77f9a9 |
--
|
|
|
77f9a9 |
2.35.1
|
|
|
77f9a9 |
|