QVariant: Fix crash when comparing two variant with the same undefined type.

If the type is the same, but not registered, the returned string could be
null (or empty if a empty string was registered)
In that case, QVariant compare() function  would access invalid memory.

Protect against that case. qstrcmp returns 0 if 0 is given as a parametter.

Task-number: QTBUG-8700
Reviewed-by: Markus Goetz

1 files changed, 2 insertions, 1 deletions

diff --git a/src/corelib/kernel/qvariant.cpp b/src/corelib/kernel/qvariant.cpp
index e1b5825..95b2352 100644
--- a/src/corelib/kernel/qvariant.cpp
+++ b/src/corelib/kernel/qvariant.cpp
@@ -466,7 +466,8 @@ static bool compare(const QVariant::Private *a, const QVariant::Private *b)
      * QMetaType::VoidStar, QMetaType::QObjectStar and so forth, is that it wouldn't include
      * user defined pointer types. */
     const char *const typeName = QMetaType::typeName(a->type);
-    if (typeName[qstrlen(typeName) - 1] == '*')
+    uint typeNameLen = qstrlen(typeName);
+    if (typeNameLen > 0 && typeName[typeNameLen - 1] == '*')
         return *static_cast<void *const *>(a_ptr) == *static_cast<void *const *>(b_ptr);
 
     return a_ptr == b_ptr;