From: Chris Adams Date: Thu, 31 May 2012 04:00:48 +0000 (+1000) Subject: Fix crash in QStringBuilder when concatenating data-less QLatin1String X-Git-Tag: 071012110112~676 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fbee9834dc0fa1838a38e552eddd941af1ef39ac;p=profile%2Fivi%2Fqtbase.git Fix crash in QStringBuilder when concatenating data-less QLatin1String Previously, the append functions in QConcatenable in the QStringBuilder dereferenced the data() pointer of the argument QLatin1String without performing null check. Change-Id: I629f19fbce3113f1f80f4272fa7ae34e1dbc6bee Reviewed-by: Olivier Goffart
---
diff --git a/src/corelib/tools/qstringbuilder.h b/src/corelib/tools/qstringbuilder.h
index 1f13d0d..b3d47d2 100644
--- a/src/corelib/tools/qstringbuilder.h
+++ b/src/corelib/tools/qstringbuilder.h
@@ -230,13 +230,17 @@ template <> struct QConcatenable
 static int size(const QLatin1String a) { return a.size(); }
 static inline void appendTo(const QLatin1String a, QChar *&out)
 {
- for (const char *s = a.data(); *s; )
- *out++ = QLatin1Char(*s++);
+ if (a.data()) {
+ for (const char *s = a.data(); *s; )
+ *out++ = QLatin1Char(*s++);
+ }
 }
 static inline void appendTo(const QLatin1String a, char *&out)
 {
- for (const char *s = a.data(); *s; )
- *out++ = *s++;
+ if (a.data()) {
+ for (const char *s = a.data(); *s; )
+ *out++ = *s++;
+ }
 }
 };
diff --git a/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp b/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp
index 8955da9..c473017 100644
--- a/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp
+++ b/tests/auto/corelib/tools/qstringbuilder/qstringbuilder1/stringbuilder.cpp
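Review bot: In src/corelib/tools/qstringbuilder.h, both `appendTo` overloads still copy until the first NUL byte, while `size()` just above them reports `a.size()`; the added null check does not tie the two together. If a QLatin1String can carry a length that differs from the NUL-terminated length of its data (not visible in this hunk), the loop writes more or fewer characters through `out` than the caller reserved from `size()`, which means an out-of-bounds write or an uninitialised tail in the result. Bounding the copy by the reported size would cover that and the null case together, e.g. `const char *s = a.data(); for (int i = 0, n = s ? a.size() : 0; i < n; ++i) *out++ = QLatin1Char(s[i]);` in the QChar overload and the same loop with `*out++ = s[i];` in the char overload. The enclosing struct starts outside the hunk.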
@@ -211,6 +211,13 @@ void runScenario()
 str = (QString::fromUtf8(UTF8_LITERAL) += QLatin1String(LITERAL) P UTF8_LITERAL);
 QCOMPARE(str, QString::fromUtf8(UTF8_LITERAL LITERAL UTF8_LITERAL));
 #endif
+
+ QString str2 = QString::fromUtf8(UTF8_LITERAL);
+ QString str2_e = QString::fromUtf8(UTF8_LITERAL);
+ const char * nullData = 0;
+ str2 += QLatin1String(nullData) P str2;
+ str2_e += QLatin1String("") P str2_e;
+ QCOMPARE(str2, str2_e);
 }
 //operator QByteArray +=
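Review bot: The new null-data case in `runScenario()` goes through `QString +=` only, so it presumably reaches just the `QChar *&out` overload; the `char *&out` overload patched by the same commit gets no regression test. A parallel case in the `//operator QByteArray +=` section that follows (a QByteArray appended with `QLatin1String(nullData)` and compared against the `QLatin1String("")` result) would cover it, provided that concatenation is enabled in this build configuration. A one-line comment above the block, such as `// QLatin1String with null data() must behave like an empty string`, would also record why `nullData` is there. `runScenario()` starts outside the hunk.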