From 8135af2cebdaaccefb95f0be149328077d237a89 Mon Sep 17 00:00:00 2001 From: Markus Goetz Date: Tue, 27 Oct 2009 13:03:23 +0100 Subject: Fix integer overflow in string.remove len parameter Task: 262677 Reviewed-by: joao --- src/corelib/tools/qstring.cpp | 6 +++--- tests/auto/qstring/tst_qstring.cpp | 9 +++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/corelib/tools/qstring.cpp b/src/corelib/tools/qstring.cpp index a996f30..55ad28d 100644 --- a/src/corelib/tools/qstring.cpp +++ b/src/corelib/tools/qstring.cpp @@ -1590,12 +1590,12 @@ QString &QString::append(QChar ch) */ QString &QString::remove(int pos, int len) { - if (pos < 0) + if (pos < 0) // count from end of string pos += d->size; if (pos < 0 || pos >= d->size) { // range problems - } else if (pos + len >= d->size) { // pos ok - resize(pos); + } else if (len >= d->size - pos) { + resize(pos); // truncate } else if (len > 0) { detach(); memmove(d->data + pos, d->data + pos + len, diff --git a/tests/auto/qstring/tst_qstring.cpp b/tests/auto/qstring/tst_qstring.cpp index 5dc1da7..2eb3152 100644 --- a/tests/auto/qstring/tst_qstring.cpp +++ b/tests/auto/qstring/tst_qstring.cpp @@ -201,6 +201,7 @@ private slots: void repeatedSignature() const; void repeated() const; void repeated_data() const; + void task262677remove(); }; typedef QList IntList; @@ -4669,6 +4670,14 @@ void tst_QString::repeated_data() const << 4; } +void tst_QString::task262677remove() +{ + QString driveName = QLatin1String("V:\\blahblah\\more_blahblah\\"); + driveName.remove(2, INT_MAX); // should be "V:" - instead, it's "V::\\blahblah\\more_blahblah\\" + QVERIFY(driveName == QLatin1String("V:")); +} + + QTEST_APPLESS_MAIN(tst_QString) #include "tst_qstring.moc" -- cgit v0.12