[vlc-commits] gui/qt: bookmarks: fix psz_name lifetime
Romain Vimont
git at videolan.org
Sat Nov 11 18:06:26 CET 2017
vlc | branch: master | Romain Vimont <rom at rom1v.com> | Fri Nov 10 21:26:57 2017 +0100| [ea0a32e1c1cbf3a2ad786d46b46a3d9a449ec274] | committer: Jean-Baptiste Kempf
gui/qt: bookmarks: fix psz_name lifetime

The macro qtu() is defined as follows:

    #define qtu( i ) ((i).toUtf8().constData())

"i" is a QString, .toUtf8() returns a QByteArray, .constData() returns a
pointer to the data inside the QByteArray.

It is important to notice that the QByteArray is temporary. Therefore,
it is "destroyed as the last step in evaluating the full-expression that
(lexically) contains the point where [it was] created".

Concretely, this means that this call is correct:

    do_something( qtu( string ) );

But this one is undefined behavior:

    const char *s = qtu( string );
    do_something( s );

Thus, here, bookmark.psz_name was initialized with a pointer to garbage
data.

To fix the problem, store the QByteArray in a local variable so that it
lives long enough.

(Fixes invalid reads reported by valgrind)

Signed-off-by: Romain Vimont <rom at rom1v.com>
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ea0a32e1c1cbf3a2ad786d46b46a3d9a449ec274
---
modules/gui/qt/dialogs/bookmarks.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/gui/qt/dialogs/bookmarks.cpp b/modules/gui/qt/dialogs/bookmarks.cpp
index c3c29a02fe..09b467974f 100644
--- a/modules/gui/qt/dialogs/bookmarks.cpp
+++ b/modules/gui/qt/dialogs/bookmarks.cpp
@@ -168,7 +168,8 @@ void BookmarksDialog::add()
{
QString name = THEMIM->getIM()->getName() + " #"
+ QString::number( bookmarksList->topLevelItemCount() );
- bookmark.psz_name = const_cast<char *>qtu( name );
+ QByteArray raw = name.toUtf8();
+ bookmark.psz_name = raw.data();
input_Control( p_input, INPUT_ADD_BOOKMARK, &bookmark );
}
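
Review bot: bookmark.psz_name now points into the local raw, so at the input_Control( p_input, INPUT_ADD_BOOKMARK, &bookmark ) line the fix is only sound if the callee copies the name before it returns and nothing reads bookmark.psz_name after this block exits; the hunk does not show either. A short comment above "QByteArray raw = name.toUtf8();" stating that raw must outlive the input_Control() call would keep a later cleanup from folding it back into a temporary. Since the root cause is storing the result of qtu() in a variable, a note at the macro definition that its result is only valid inside the enclosing full-expression would also help.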
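
The lifetime rule described in the commit message, as an added example that is not part of the original commit or of VLC: Bytes and Text are hypothetical stand-ins for QByteArray and QString so that it builds without Qt, and qtu_like mirrors the qtu() macro. It counts live buffers rather than dereferencing the dangling pointer.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <utility>

// Hypothetical stand-ins so this builds without Qt: Bytes ~ QByteArray, Text ~ QString.
struct Bytes {
    static int live;                        // Bytes objects currently alive
    std::string buf;
    explicit Bytes(std::string s) : buf(std::move(s)) { ++live; }
    Bytes(const Bytes &o) : buf(o.buf) { ++live; }
    ~Bytes() { --live; }
    const char *constData() const { return buf.c_str(); }
};
int Bytes::live = 0;

struct Text {
    std::string s;
    Bytes toUtf8() const { return Bytes(s); }   // returns a temporary
};

// Same shape as the qtu() macro quoted in the commit message.
#define qtu_like(i) ((i).toUtf8().constData())
static int live_seen_by_callee(const char *p) { return p ? Bytes::live : -1; }

// Pointer used inside the full-expression: the buffer is still alive.
int live_during_direct_call(const Text &t) {
    return live_seen_by_callee(qtu_like(t));
}

// Pointer stored first: the temporary dies at the end of the declaration, so s dangles.
int live_after_storing_pointer(const Text &t) {
    const char *s = qtu_like(t);
    (void)s;                                // deliberately never dereferenced
    return Bytes::live;
}

// The shape of the fix: a named buffer lives until the end of the scope.
std::size_t length_with_named_buffer(const Text &t) {
    Bytes raw = t.toUtf8();
    const char *s = raw.constData();
    return Bytes::live == 1 ? std::strlen(s) : 0;
}

int main() {
    Text t{"Title #3"};                     // constructed sample input
    std::printf("%d %d %zu\n", live_during_direct_call(t),
                live_after_storing_pointer(t), length_with_named_buffer(t));
}
```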