
QArrayData: fix UB via reinterpret_cast (crash with FORTIFY_SOURCE=3)

Sam James requested to merge thesamesam/qtbase:fortify-source-3 into kde/5.15

FORTIFY_SOURCE=3 is a new level of FORTIFY_SOURCE available with GCC 12+.

With Qt 5.15, it ends up triggering UB in the pointer arithmetic
in QArrayData, which breaks various FOSS applications using qtcore.

Qt upstream fixed this independently for 6.x (in at least
eab6eb64d2fab21c4791738323ca7d670a907de1) but did so at the same time as
various internal changes, and hence it is not appropriate for cherry-picking to 5.15.x.

I reported the issue to Qt (QTBUG-103782) and they've created a fix for 5.15 which
is not yet public but, based on the description in the bug, should be functionally
the same as this. They have not backported the intrusive internal changes
from 6.x.

Originally grabbed from https://build.opensuse.org/package/view_file/KDE:Qt:5.15/libqt5-qtbase/mitigate-FORTIFY_SOURCE-3.patch.

Bug: https://bugs.gentoo.org/847145
Bug: https://bugs.gentoo.org/852974
Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104964
Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105709
Task-number: QTBUG-103782
Thanks-to: Martin Liška <mliska@suse.cz>
Edited by Sam James
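The shape of the problem the description refers to, as an added illustration that is neither Qt's code nor the patch in this merge request: a hypothetical header-plus-payload container in the style of QArrayData, with the payload pointer derived once by casting the header to `char *` and stepping past it (the reinterpret_cast arithmetic the title names) and once from the allocation's base pointer. The names `ArrayHeader`, `allocateArray`, `payloadFromHeader`, `payloadFromBlock`, `storeBytes` and `payloadEquals` are assumptions made here for the example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical header-plus-payload container modelled on the QArrayData layout
// the merge request talks about (a header struct followed, in the same
// allocation, by the element bytes). Illustrative code, not Qt's.
struct ArrayHeader {
    std::size_t size;       // payload bytes in use
    std::size_t capacity;   // payload bytes allocated after the header
    std::ptrdiff_t offset;  // byte distance from the header to the payload
};

// Round sizeof(ArrayHeader) up so the payload starts suitably aligned.
constexpr std::size_t payloadOffset() {
    return (sizeof(ArrayHeader) + alignof(std::max_align_t) - 1)
           / alignof(std::max_align_t) * alignof(std::max_align_t);
}

// One malloc block holds the header and the payload. The caller frees it.
ArrayHeader *allocateArray(std::size_t capacity) {
    void *block = std::malloc(payloadOffset() + capacity);
    if (block == nullptr) return nullptr;
    ArrayHeader *h = static_cast<ArrayHeader *>(block);
    h->size = 0;
    h->capacity = capacity;
    h->offset = static_cast<std::ptrdiff_t>(payloadOffset());
    return h;
}

// The shape the MR describes: the payload pointer is obtained by casting the
// header to char* and stepping past it. The C++ object model only licenses
// byte arithmetic within the header object itself, so stepping `offset`
// bytes beyond it is undefined behaviour. A compiler that sizes objects
// precisely (GCC 12's __builtin_dynamic_object_size, which the
// _FORTIFY_SOURCE=3 wrappers for memcpy and friends use to bound their
// destination) is entitled to treat a write through such a pointer as an
// overflow of the header, which is how this surfaces as an abort at runtime.
char *payloadFromHeader(ArrayHeader *h) {
    return reinterpret_cast<char *>(h) + h->offset;
}

// Same address, different derivation: the payload pointer is computed from
// the allocation's base pointer, so it inherits the provenance (and size) of
// the whole malloc block rather than of the header object alone.
char *payloadFromBlock(void *block) {
    const ArrayHeader *h = static_cast<const ArrayHeader *>(block);
    return static_cast<char *>(block) + h->offset;
}

// Copy bytes into the payload, bounds-checked against the header's capacity.
// Returns the number of bytes stored (0 if the input does not fit).
std::size_t storeBytes(ArrayHeader *h, const void *src, std::size_t n) {
    if (h == nullptr || n > h->capacity) return 0;
    std::memcpy(payloadFromBlock(h), src, n);  // the call site FORTIFY checks
    h->size = n;
    return n;
}

// Read the payload back through the block-derived pointer and compare.
bool payloadEquals(ArrayHeader *h, const void *expected, std::size_t n) {
    if (h == nullptr || n != h->size) return false;
    return std::memcmp(payloadFromBlock(h), expected, n) == 0;
}

int main() {
    const char sample[] = "constructed sample payload";  // constructed input
    ArrayHeader *h = allocateArray(64);
    std::size_t stored = storeBytes(h, sample, sizeof sample);
    std::printf("stored %zu bytes at offset %td, round-trip ok=%d\n", stored,
                h->offset, payloadEquals(h, sample, sizeof sample) ? 1 : 0);
    std::free(h);
    return 0;
}
```

In an ordinary build both accessors return the same address, which is why the problem only became visible once the fortified wrappers started consulting the compiler's object-size analysis; the round trip below goes through the block-derived pointer, which is the derivation that keeps the whole allocation in view.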
