QLatin1StringView: fix UB in "a"_L1 <> nullptr

Found by ubsan: if rhs is nullptr, then we fed a nullptr as the second argument of memcmp(), which is UB. Fix by catching an empty rhs before we reach that line. Amends e52d50a03da29e2dddaee551e4409f28c7ed56f2 (which, despite pick-to's to the contrary, never made it into 6.2 or 5.15). Change b977ae371a753a82e1d0bb32c5b62099da663721 fixed this for UTF-8/UTF-8 comparison from 6.5 on, but 6.4 ad 6.3 remain vulnerable there, but they're closed, so can't be fixed anymore. Pick-to: 6.5 Change-Id: I12fa986aa82a7440a9d53fad19a15e9420233e0b Reviewed-by: Ivan Solovev <ivan.solovev@qt.io> (cherry picked from commit 89f184b4034ce54b8a3439069e57b0f35798fec3) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2024-05-27 15:39:35 +02:00 · 2024-05-27 15:39:35 +02:00 · a32e8d4263
commit a32e8d4263
parent 4809d41e67
1 changed files with 2 additions and 0 deletions
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@ -1548,6 +1548,8 @@ int QtPrivate::compareStrings(QLatin1StringView lhs, QLatin1StringView rhs, Qt::
 {
    if (lhs.isEmpty())
        return qt_lencmp(qsizetype(0), rhs.size());
+    if (rhs.isEmpty())
+        return qt_lencmp(lhs.size(), qsizetype(0));
    if (cs == Qt::CaseInsensitive)
        return latin1nicmp(lhs.data(), lhs.size(), rhs.data(), rhs.size());
    const auto l = std::min(lhs.size(), rhs.size());