Re: auto QString(Builder) considered VERY HARMFUL -> use clazy, especially before releases
- Date: Fri, 28 Sep 2018 21:37:44 +0200
- From: Andreas Hartmetz <ahartmetz@xxxxxxxxx>
- Subject: Re: auto QString(Builder) considered VERY HARMFUL -> use clazy, especially before releases
Am Freitag, 28. September 2018, 11:15:52 CEST schrieb Friedrich W. H.
> Am Freitag, 28. September 2018, 01:03:01 CEST schrieb Albert Astals
> > El dijous, 27 de setembre de 2018, a les 21:01:13 CEST, Friedrich W.
> > H.
> Kossebau va escriure:
> > > One would recommend to run clazy over your code at least before
> > > releases, to catch all kind of potential issues :)
> > Or since this is a crasher, just run your app and it'll crash?
> > Or even better, add autotests that exercise the code and they'll
> > crash too?
> s/Or/And/ ? :)
> BTW, not necessarily a crasher, the references can point to random
> data which still can get interpreted into proper QString data, which
> will "only" deliver bogus string results (or by chance even "correct"
> one if it's still the old data at the used memory), but not trigger a
> crash, as no data is changed, as the reference is only read from. At
> least from what I remember to have seen.
> ASan seems to help here though, I think I fixed at least one such bug
> due to ASan throwing up use-after-free or similar on KDE CI and thus
> pointing out the issue.
To add to that, the most recent instance I fixed was from 2016 and was
triggered by some new changes introducing (AFAICS) no fault of their
own. They just shuffled things around enough to trigger the latent bug.