[Interest] QStringBuilder buffer overflow with string litteral?
ich
alex at golks.de
Mon Jan 25 16:10:29 CET 2021
Am January 25, 2021 2:47:28 PM UTC schrieb "Olivier B." <perso.olivier.barthelemy at gmail.com>:
>Oh, you are right, thanks. I thought the + operator was on a QString
>and
>adding a char would be faster than adding a 1-char string, but it just
>changed the char* pointer address instead.
>
>Le lun. 25 janv. 2021 à 15:32, Giuseppe D'Angelo via Interest <
>interest at qt-project.org> a écrit :
>
>> Hi,
>>
>> Il 25/01/21 13:56, Olivier B. ha scritto:
>> > fields += (fields.isEmpty() ? "" : ", ") + '"' + field +
>'"';
>>
>> QStringBuilder usage is a red herring, pay close attention at what
>> you're doing in the first +: you're summing a const char * (result of
>> the ternary operator) with a char; that does not do string
>concatenation...
>>
>> > Passing one/both of the operands of the ternary operator as
>QStrings
>> makes the problem disappear.
>>
>> That however kills the advantage of QStringBuilder. Use QStringView /
>> QLatin1String instead.
>>
>> Tip: always define QT_NO_CAST_FROM_ASCII (or the more lenient
>> QT_RESTRICTED_CAST_FROM_ASCII) in any Qt project.
>>
>> HTH,
>> --
>> Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software
>Engineer
>> KDAB (France) S.A.S., a KDAB Group company
>> Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
>> KDAB - The Qt, C++ and OpenGL Experts
>>
>> _______________________________________________
>> Interest mailing list
>> Interest at qt-project.org
>> https://lists.qt-project.org/listinfo/interest
>>
we're coming closer to Bobby Tables;' now xD
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20210125/c7abb63f/attachment.html>
More information about the Interest
mailing list