From 7a32a2238f52217bc4f0dc4c9620a2a2d350a1ca Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Tue, 4 Mar 2025 12:22:06 +0100 Subject: [PATCH] qurlrecode.cpp: fix Coverity ARRAY_VS_SINGLETON issue MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity has this checker where it complains if you use a T as a T[1]. The C++ standard says that this is fine¹, but qurlrecode.cpp, specifically, is security-critical, so we shouldn't leave Coverity issues unfixed in there. So replace ucs4 with a buffer[1] array and make both dst and ucs4 point to buffer's first (and only) element. Amends 2b82923c8fba5dcff707e344acdf9db8c444a55e. ¹ https://eel.is/c++draft/basic.compound#3.sentence-11 Pick-to: 6.9 6.8 6.5 Coverity-Id: 378435 Change-Id: I8ab2f70b542088e90dc43e616a0202e8c756f204 Reviewed-by: Thiago Macieira --- src/corelib/io/qurlrecode.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/corelib/io/qurlrecode.cpp b/src/corelib/io/qurlrecode.cpp index 60dad31a3eb..bb531e53811 100644 --- a/src/corelib/io/qurlrecode.cpp +++ b/src/corelib/io/qurlrecode.cpp @@ -255,7 +255,9 @@ struct QUrlUtf8Traits : public QUtf8BaseTraitsNoAscii static bool encodedUtf8ToUtf16(QString &result, char16_t *&output, const char16_t *begin, const char16_t *&input, const char16_t *end, char16_t decoded) { - char32_t ucs4 = 0, *dst = &ucs4; + char32_t buffer[1]; + char32_t &ucs4 = buffer[0]; + char32_t *dst = buffer; const char16_t *src = input + 3;// skip the %XX that yielded \a decoded int charsNeeded = QUtf8Functions::fromUtf8(decoded, dst, src, end); if (charsNeeded < 0)