From 2f8d5ea487478af448442df42d88a3504155a199 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Mon, 8 Jan 2024 15:31:48 +0100
Subject: [PATCH] QUuid:: fix UB in (Id128Bytes) ctor

After qbswap() has run, the Id128Bytes active member is data64, yet
the rest of the QUuid constructor accesses .data. This is UB.

Use the void* dest overload of qbswap() or memcpy() the Id128Bytes
into a char buffer and consume data from there instead.

Amends 686c02224c03735356bdab987bf62644eb34cc34.

Task-number: QTBUG-120637
Pick-to: 6.7 6.6 6.5
Change-Id: Iba62a692391a5600b867c30dcb3bc50b82ee072f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit f5b7e8a3fbc27082651b8eda08f1fe4ff7d70f3f)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/corelib/plugin/quuid.h | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/corelib/plugin/quuid.h b/src/corelib/plugin/quuid.h
index 74c591cd993..49f2b6749cd 100644
--- a/src/corelib/plugin/quuid.h
+++ b/src/corelib/plugin/quuid.h
@@ -283,12 +283,15 @@ Q_CORE_EXPORT size_t qHash(const QUuid &uuid, size_t seed = 0) noexcept;
 
 QUuid::QUuid(Id128Bytes uuid, QSysInfo::Endian order) noexcept
 {
+    char bytes[sizeof uuid];
     if (order == QSysInfo::LittleEndian)
-        uuid = qbswap(uuid);
-    data1 = qFromBigEndian<quint32>(&uuid.data[0]);
-    data2 = qFromBigEndian<quint16>(&uuid.data[4]);
-    data3 = qFromBigEndian<quint16>(&uuid.data[6]);
-    memcpy(data4, &uuid.data[8], sizeof(data4));
+        qbswap(uuid, bytes);
+    else
+        memcpy(bytes, &uuid, sizeof bytes);
+    data1 = qFromBigEndian<quint32>(&bytes[0]);
+    data2 = qFromBigEndian<quint16>(&bytes[4]);
+    data3 = qFromBigEndian<quint16>(&bytes[6]);
+    memcpy(data4, &bytes[8], sizeof(data4));
 }
 
 QUuid::Id128Bytes QUuid::toBytes(QSysInfo::Endian order) const noexcept