Details
-
Bug
-
Resolution: Done
-
P3: Somewhat important
-
5.0.0
-
None
-
403b15488b3d687bc2830099f075a5ad12f0ef5f
Description
In 2009, commit 8135af2cebdaaccefb95f0be149328077d237a89 corrected an integer overflow bug in QString::remove(int, int). Unfortunately, the same bug exists in QString::replace(), but was not previously detected.
The bug can be easily demonstrated by passing INT_MAX as the second parameter. Suitable test data and a QEXPECT_FAIL have been added to the tst_QString::replace_uint_uint() test function in the QString autotest.
When correcting this bug, don't forget to check whether the same bug exists in other QString::replace() overloads.
It would also be worthwhile to add a note to the function documentation to state what happens when the value of the second parameter is greater than the remaining length of the string. A similar note is already present for QString::remove(int, int).