Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P4: Low
Fix Version/s: 5.14.1, 5.15.0 Alpha
Affects Version/s: 5.12.6
Component/s: Core: QString and Unicode
Labels:
None
Environment:
Windows 7

Platform/s:

All
Commits:
31e94dc96cf372db27d9a064e770180178f70156 (qt/qtbase/5.14)

Description

// code placeholder
QByteArray QGb18030Codec::convertFromUnicode(const QChar *uc, int len, ConverterState *state) const
{
    ...
    //qDebug("QGb18030Codec::fromUnicode(const QString& uc, int& lenInOut = %d)", lenInOut);
    for (int i = 0; i < len; i++) {
        unsigned short ch = uc[i].unicode();
        int len;
        uchar buf[4];
        if (high >= 0) {
            if (uc[i].isLowSurrogate()) {
                // valid surrogate pair
                ++i;
                uint u = QChar::surrogateToUcs4(high, uc[i].unicode());
                len = qt_UnicodeToGb18030(u, buf);
    ...

In the above code,

++i;

may cause subsequent uc[i] to access illegal memory and crash the program. Even there is more bytes in uc, the result of QChar::surrogateToUcs4 is also incorrect. Remove "++i" may fix everything.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Thiago Macieira

Reporter:: Jack Tree

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22 Nov '19 19:56

Updated:: 03 Dec '19 09:25

Resolved:: 02 Dec '19 10:24

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

QGb18030Codec: fix out-of-bounds access when decoding surrogate pairs: Gerrit Review: