[Interest] QStringBuilder buffer overflow with string litteral?

Robert Hairgrove evorgriahr at hispeed.ch
Mon Jan 25 15:15:41 CET 2021 

Just an idea, not having to do with QStringBuilder ... why not do 
something like this?

QString fields = columns.join(", ");
if (fields.isEmpty()) fields = "*";
// ...

AFAIK it is only necessary to enclose field names in quotes if the name 
is an SQL keyword. If you still need to quote them, I would do it this way:

QString fields = columns.join("\",\"");
if (fields.isEmpty()) fields = "*";
else {
   fields.prepend("\"").append("\"");
}
// ...

HTH,
Bob Hairgrove

--

On 25.01.21 13:56, Olivier B. wrote:
> Compiling with QT 5.11.1 & |QT_USE_QSTRINGBUILDER||, i get an error 
> with the following code block:|
>
>   QString generateQuery(const QString& tableName, const QStringList& 
> columns, int count)
>   {
>     QString fields = "*";
>     if (!columns.isEmpty())
>     {
>       fields.clear();
>       for (const QString& field : columns)
>       {
>         fields += (fields.isEmpty() ? "" : ", ") + '"' + field + '"';
>       }
>     }
> ...
>
> I just want to build a comma separated list of the items in 'columns', 
> surrounded by quotes.
> But instead of giving "A", "B", "C", this gives UNIQUE (%1)"A"UNIQUE 
> (%1)"B"UNIQUE (%1)"C"
>
> That UNIQUE (%1) is only found in another cpp file of the same DLL 
> project, in strings ", UNIQUE (%1)" passed to QString constructors. So 
> not only is it using the wrong string litteral, it does not read it 
> from the string start.
>
> Passing one/both of the operands of the ternary operator as QStrings 
> makes the problem disappear.
>
> Are there things i should be aware of when using QStringBuilder, such 
> as 'do not put expressions on operators, because of macros that will 
> evaluate them multiple times', or something like that?
> String pooling (/GF of visual studio) is not used, if that matters
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20210125/37c0d360/attachment.html>

More information about the Interest mailing list