Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-99640

Reg->6: QByteArray::append(const char *str, qsizetype len) crashes if len < 0

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 6.2.5, 6.3.0 RC, 6.4.0 Beta1
    • 6.2.2
    • Core: Other
    • None
    • Qt 6.2.2, Windows 11, Msvc 2019 64 bits
    • All
    • bb35b2f64d (qt/qtbase/dev) bb35b2f64d (qt/tqtc-qtbase/dev) c411ab3014 (qt/qtbase/6.2) a457e92451 (qt/qtbase/6.3) c411ab3014 (qt/tqtc-qtbase/6.2) a457e92451 (qt/tqtc-qtbase/6.3) a457e92451 (qt/tqtc-qtbase/6.3.0)

    Description

      Despite the documentation says, QByteArray::append(const char *str, qsizetype len) crashes if len < 0.
      The Qt 6.2.2 QByteArray source code is 

      QByteArray &append(const char *s, qsizetype len)
    { return append(QByteArrayView(s, len)); }

      but:

          template <typename Byte, if_compatible_byte<Byte> = true>
    constexpr QByteArrayView(const Byte *data, qsizetype len)
        : m_size((Q_ASSERT(len >= 0), Q_ASSERT(data || !len), len)),
          m_data(castHelper(data)) {}

      So the application terminates with the Q_ASSERT(len >= 0).
      The same code has been working without problem from Qt 5.0 to Qt 5.15.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            thiago Thiago Macieira
            Hugh Bellemare Hugh Bellemare
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes