[Interest] QStringBuilder buffer overflow with string litteral?
Giuseppe D'Angelo
giuseppe.dangelo at kdab.com
Mon Jan 25 15:27:23 CET 2021
Hi,
Il 25/01/21 13:56, Olivier B. ha scritto:
> fields += (fields.isEmpty() ? "" : ", ") + '"' + field + '"';
QStringBuilder usage is a red herring, pay close attention at what
you're doing in the first +: you're summing a const char * (result of
the ternary operator) with a char; that does not do string concatenation...
> Passing one/both of the operands of the ternary operator as QStrings makes the problem disappear.
That however kills the advantage of QStringBuilder. Use QStringView /
QLatin1String instead.
Tip: always define QT_NO_CAST_FROM_ASCII (or the more lenient
QT_RESTRICTED_CAST_FROM_ASCII) in any Qt project.
HTH,
--
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4329 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20210125/e1f21dfe/attachment.bin>
More information about the Interest
mailing list