Details
-
Bug
-
Resolution: Done
-
P4: Low
-
5.12.2
-
None
-
64359ad710756e7cca5ca553521b2aada18fb0fe (qt/qtbase/5.14) 5839535c9fb5d511ed8eec9250ac7ec52fe4e1f6 (qt/qtbase/5.12)
Description
The following fix is needed to allow
QString() == QString("")
to pass under UBSan:
  };
  // we're going to read a[0..15] and b[0..15] (32 bytes)
- for ( ; a + offset + 16 <= end; offset += 16) {
+ for ( ; offset + 16 <= end - a; offset += 16) {
  #ifdef __AVX2__
  __m256i a_data = _mm256_loadu_si256(reinterpret_cast<const __m256i *>(a + offset));
  __m256i b_data = _mm256_loadu_si256(reinterpret_cast<const __m256i *>(b + offset));
@@ -938,7 +938,7 @@ static int ucstrncmp(const QChar *a, const QChar *b, size_t l)
  }
  // we're going to read a[0..7] and b[0..7] (16 bytes)
- if (a + offset + 8 <= end) {
+ if (offset + 8 <= end - a) {
  __m128i a_data = _mm_loadu_si128(reinterpret_cast<const __m128i *>(a + offset));
  __m128i b_data = _mm_loadu_si128(reinterpret_cast<const __m128i *>(b + offset));
  if (isDifferent(a_data, b_data))
@@ -948,7 +948,7 @@ static int ucstrncmp(const QChar *a, const QChar *b, size_t l)
  }
  // we're going to read a[0..3] and b[0..3] (8 bytes)
- if (a + offset + 4 <= end) {
+ if (offset + 4 <= end - a) {
  __m128i a_data = _mm_loadl_epi64(reinterpret_cast<const __m128i *>(a + offset));
  __m128i b_data = _mm_loadl_epi64(reinterpret_cast<const __m128i *>(b + offset));
  if (isDifferent(a_data, b_data))
@@ -969,7 +969,7 @@ static int ucstrncmp(const QChar *a, const QChar *b, size_t l)
  if (l >= 8) {
  const QChar *end = a + l;
  const uint16x8_t mask = { 1, 1 << 1, 1 << 2, 1 << 3, 1 << 4, 1 << 5, 1 << 6, 1 << 7 };
- while (a + 7 < end) {
+ while (7 < end - a) {
  uint16x8_t da = vld1q_u16(reinterpret_cast<const uint16_t *>(a));
  uint16x8_t db = vld1q_u16(reinterpret_cast<const uint16_t *>(b));
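Review bot: The rewritten bound `offset + 8 <= end - a` in the hunk at -938 has no comment explaining why it compares element counts instead of pointers, so a later cleanup could quietly restore `a + offset + 8 <= end`. That older form computes a pointer that may lie beyond the end of the buffer before the comparison is made, which is undefined behaviour and presumably what UBSan flagged. A one-line comment above the check would record this, e.g. `// compare lengths, not pointers: a + offset + 8 may point past the end of the array`. The same applies to the 16-element loop before this hunk and to the checks in the hunks at -948 and -969. `offset` is declared outside the hunk; if it is unsigned, the comparison with the `ptrdiff_t` result of `end - a` is mixed-sign and worth confirming.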
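Review bot: In the NEON hunk at -969 the new condition `while (7 < end - a)` reads backwards and hides the block size. `while (end - a >= 8)` is the same test for integer operands, and it lines up with the `if (l >= 8)` guard three lines above and with the eight `uint16_t` elements that `vld1q_u16` loads. The loop body continues past the end of the hunk, so how `a` and `b` advance is not visible here.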
Attachments
For Gerrit Dashboard: QTBUG-81218 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
285852,4 | ucstrncmp: Fix UBSan report of array overflowing | 5.14 | qt/qtbase | Status: MERGED | +2 | 0 |
286179,2 | ucstrncmp: Fix UBSan report of array overflowing | 5.12 | qt/qtbase | Status: MERGED | +2 | 0 |