[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 99842] kwrite crashes when accepting the find dialog
From:       Richard Smith <kde () metafoo ! co ! uk>
Date:       2005-02-20 12:50:04
Message-ID: 20050220125004.5389.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=99842         




------- Additional Comments From kde metafoo co uk  2005-02-20 13:49 -------
On Sunday 20 February 2005 12:29, Clarence Dang wrote:
> On Sun, 20 Feb 2005 11:13 pm, Clarence Dang wrote:
> > But ordinarily (not QStringList), an iterator is of type T * (where T is
> > the contained type).  So normally testing *T would result in a crash.
>
> Actually, my comment doesn't make sense.  Because if end() returned 0, you
> couldn't possibly decrement it to get fromLast().

As it happens, your comment does make sense (but it's not really true). For 
containers like std::vector and QValueVector, which are stored in contiguous 
memory, iterators are often implemented as pointers. But end() does not 
return 0, since --end() is supposed to work. Nonetheless, end() will be a 
pointer to a value off the end of the vector, so dereferencing it is likely 
to crash.

The Kate code in question is safe only because, due to a mistake made by 
Trolltech in Qt3, the QValueList<T>::end() item contains a valid T instance 
(it really shouldn't, and doesn't in Qt4). In particular, 
*QStringList().end() is a null string in Qt3. That code will not work with 
Qt4.
[prev in list] [next in list] [prev in thread] [next in thread]