Details
- Bug
- Resolution: Done
- P4: Low
- 5.12.6
- None
- Windows 7
- 31e94dc96cf372db27d9a064e770180178f70156 (qt/qtbase/5.14)
Description
QByteArray QGb18030Codec::convertFromUnicode(const QChar *uc, int len, ConverterState *state) const
{
    ...
    //qDebug("QGb18030Codec::fromUnicode(const QString& uc, int& lenInOut = %d)", lenInOut);
    for (int i = 0; i < len; i++) {
        unsigned short ch = uc[i].unicode();
        int len;
        uchar buf[4];
        if (high >= 0) {
            if (uc[i].isLowSurrogate()) {
                // valid surrogate pair
                ++i;
                uint u = QChar::surrogateToUcs4(high, uc[i].unicode());
                len = qt_UnicodeToGb18030(u, buf);
                ...
In the above code,
++i;
may cause the subsequent uc[i] to access illegal memory and crash the program. Even if there are more bytes in uc, the result of QChar::surrogateToUcs4 is also incorrect. Removing "++i" may fix everything.
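As an added illustration (not code from this report or from qtbase), the loop below mirrors the indexing of the codec's surrogate-pair branch using Qt-free stand-ins for the QChar helpers, so the effect of keeping or dropping the "++i" can be checked on a constructed sample:

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

// Stand-ins for the QChar helpers the codec calls (assumed equivalents written for
// this example, not Qt code). surrogateToUcs4 uses the standard UTF-16 formula.
static bool isHighSurrogate(uint16_t c) { return (c & 0xFC00) == 0xD800; }
static bool isLowSurrogate(uint16_t c)  { return (c & 0xFC00) == 0xDC00; }
static uint32_t surrogateToUcs4(uint16_t high, uint16_t low) {
    return (uint32_t(high) << 10) + low - 0x35FDC00;
}

// Walk a UTF-16 buffer the way the loop in the report does. keepIncrement == true
// keeps the "++i": the index is bumped *before* the low surrogate is read, so the
// pair is formed with the unit after it, or with uc[len] when the pair ends the
// buffer. keepIncrement == false uses uc[i], the low surrogate already in hand.
// Returns false instead of reading past the end, so the defect can be observed.
static bool decodePairs(const std::vector<uint16_t>& uc, bool keepIncrement,
                        std::vector<uint32_t>& out) {
    int high = -1;
    for (size_t i = 0; i < uc.size(); i++) {
        uint16_t ch = uc[i];
        if (high >= 0 && isLowSurrogate(ch)) {
            if (keepIncrement) ++i;              // the increment the report questions
            if (i >= uc.size()) return false;    // would be an out-of-bounds read
            out.push_back(surrogateToUcs4(uint16_t(high), uc[i]));
            high = -1;
            continue;
        }
        high = -1;                               // a lone high surrogate is dropped here
        if (isHighSurrogate(ch)) { high = ch; continue; }
        out.push_back(ch);
    }
    return true;
}

// Constructed sample: U+1F600 as a surrogate pair, followed by 'A'.
static const std::vector<uint16_t> kSample = {0xD83D, 0xDE00, 0x0041};

// Code points decoded from kSample with or without the increment.
static std::vector<uint32_t> decodeSample(bool keepIncrement) {
    std::vector<uint32_t> out;
    decodePairs(kSample, keepIncrement, out);
    return out;
}

// True when the original loop would read past a buffer that ends with the pair.
static bool originalReadsPastEnd() {
    std::vector<uint32_t> out;
    return !decodePairs({0xD83D, 0xDE00}, true, out);
}
```

With the increment kept, the sample decodes to the bogus U+11841 (the high surrogate paired with 'A', which is then swallowed); without it, to U+1F600 followed by 'A'.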