procxx / kepka

Unofficial Telegram Desktop messaging app
https://procxx.github.io

Heap buffer overflow detected by ASan #59

Closed Randl closed 5 years ago

Randl commented 6 years ago
==26577==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080000040f4 at pc 0x00000058ebfc bp 0x7ffd8fecbc20 sp 0x7ffd8fecb3d0
READ of size 53 at 0x6080000040f4 thread T0
    #0 0x58ebfb in __interceptor_strndup.part.278 (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x58ebfb)
    #1 0x7fb49177f60e  (/usr/lib/x86_64-linux-gnu/libxkbcommon-x11.so.0+0x460e)
    #2 0x7fb49177ec61 in xkb_x11_keymap_new_from_device (/usr/lib/x86_64-linux-gnu/libxkbcommon-x11.so.0+0x3c61)
    #3 0x7fb49ad1a1fc  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x421fc)
    #4 0x7fb49ad1b28c  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x4328c)
    #5 0x7fb49ad15a1a in QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x3da1a)
    #6 0x7fb49ad19019 in QXcbIntegration::QXcbIntegration(QStringList const&, int&, char**) (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x41019)
    #7 0x7fb49afdb2aa in _init (/usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so+0x12aa)
    #8 0x7fb4b9cc2f8c in QPlatformIntegrationFactory::create(QString const&, QStringList const&, int&, char**, QString const&) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xe8f8c)
    #9 0x7fb4b9cd3349 in QGuiApplicationPrivate::createPlatformIntegration() (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xf9349)
    #10 0x7fb4b9cd3e3c in QGuiApplicationPrivate::createEventDispatcher() (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xf9e3c)
    #11 0x7fb4b9721b84 in QCoreApplicationPrivate::init() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x290b84)
    #12 0x7fb4b9cd58ce in QGuiApplicationPrivate::init() (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xfb8ce)
    #13 0x7fb4be005288 in QApplicationPrivate::init() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x159288)
    #14 0x28ff1ad in Application::Application(int&, char**) /home/vista/dev/tdesktop/Telegram/SourceFiles/application.cpp:75:52
    #15 0x2974fc8 in main /home/vista/dev/tdesktop/Telegram/SourceFiles/main.cpp:48:15
    #16 0x7fb4b83b61c0 in __libc_start_main /build/glibc-CxtIbX/glibc-2.26/csu/../csu/libc-start.c:308
    #17 0x500389 in _start (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x500389)

0x6080000040f4 is located 0 bytes to the right of 84-byte region [0x6080000040a0,0x6080000040f4)
allocated by thread T1 (QXcbEventReader) here:
    #0 0x5bfd80 in __interceptor_malloc (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x5bfd80)
    #1 0x7fb4ae09ae2b  (/usr/lib/x86_64-linux-gnu/libxcb.so.1+0xde2b)

Thread T1 (QXcbEventReader) created by T0 here:
    #0 0x519400 in pthread_create (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x519400)
    #1 0x7fb4b953c795 in QThread::start(QThread::Priority) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xab795)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x58ebfb) in __interceptor_strndup.part.278
Shadow bytes around the buggy address:
  0x0c107fff87c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff87d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff87e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff87f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8800: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
=>0x0c107fff8810: fa fa fa fa 00 00 00 00 00 00 00 00 00 00[04]fa
  0x0c107fff8820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
QApplication: invalid style override passed, ignoring it.
=================================================================
==26577==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000d4bff at pc 0x0000005992fb bp 0x7ffd8fec5d90 sp 0x7ffd8fec5540
READ of size 7 at 0x6040000d4bff thread T0
    #0 0x5992fa in __interceptor_memcmp.part.282 (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x5992fa)
    #1 0x6c84b7 in Lang::GetKeyIndex(QLatin1String) /home/vista/dev/tdesktop/cmake-build-debug/Telegram/lang_auto.cpp:13610:20
    #2 0x1c431f6 in LangKey Lang::Instance::ParseKeyValue<std::vector<QString, std::allocator<QString> > >(QByteArray const&, QByteArray const&, std::vector<QString, std::allocator<QString> >&) /home/vista/dev/tdesktop/Telegram/SourceFiles/lang/lang_instance.cpp:453:18
    #3 0x1c37bbb in Lang::Instance::applyValue(QByteArray const&, QByteArray const&) /home/vista/dev/tdesktop/Telegram/SourceFiles/lang/lang_instance.cpp:469:15
    #4 0x1c3762a in Lang::Instance::fillFromSerialized(QByteArray const&) /home/vista/dev/tdesktop/Telegram/SourceFiles/lang/lang_instance.cpp:319:3
    #5 0x222ac02 in Local::readLangPack() /home/vista/dev/tdesktop/Telegram/SourceFiles/storage/localstorage.cpp:3947:19
    #6 0x2217667 in Local::start() /home/vista/dev/tdesktop/Telegram/SourceFiles/storage/localstorage.cpp:2335:2
    #7 0x2b46bbf in Messenger::startLocalStorage() /home/vista/dev/tdesktop/Telegram/SourceFiles/messenger.cpp:477:2
    #8 0x2b452cc in Messenger::Messenger() /home/vista/dev/tdesktop/Telegram/SourceFiles/messenger.cpp:91:2
    #9 0x290b4a7 in std::_MakeUniq<Messenger>::__single_object std::make_unique<Messenger>() /usr/bin/../lib/gcc/x86_64-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/unique_ptr.h:825:34
    #10 0x2908c75 in Application::createMessenger() /home/vista/dev/tdesktop/Telegram/SourceFiles/application.cpp:302:23
    #11 0x2904c71 in Sandbox::launch() /home/vista/dev/tdesktop/Telegram/SourceFiles/application.cpp:410:17
    #12 0x2900196 in Application::singleInstanceChecked() /home/vista/dev/tdesktop/Telegram/SourceFiles/application.cpp:209:4
    #13 0x29036f1 in Application::socketError(QLocalSocket::LocalSocketError) /home/vista/dev/tdesktop/Telegram/SourceFiles/application.cpp:182:2
    #14 0x2cb706d in Application::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram_autogen/T6Y2NIRYHF/moc_application.cpp:116:21
    #15 0x7fb4b97498e4 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b88e4)
    #16 0x7fb4bdc08950 in QLocalSocket::error(QLocalSocket::LocalSocketError) (/usr/lib/x86_64-linux-gnu/libQt5Network.so.5+0xe7950)
    #17 0x7fb4bdc16d89  (/usr/lib/x86_64-linux-gnu/libQt5Network.so.5+0xf5d89)
    #18 0x7fb4bdc17631  (/usr/lib/x86_64-linux-gnu/libQt5Network.so.5+0xf6631)
    #19 0x7fb4bdc1780b in QLocalSocket::connectToServer(QFlags<QIODevice::OpenModeFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Network.so.5+0xf680b)
    #20 0x28ffce4 in Application::Application(int&, char**) /home/vista/dev/tdesktop/Telegram/SourceFiles/application.cpp:101:16
    #21 0x2974fc8 in main /home/vista/dev/tdesktop/Telegram/SourceFiles/main.cpp:48:15
    #22 0x7fb4b83b61c0 in __libc_start_main /build/glibc-CxtIbX/glibc-2.26/csu/../csu/libc-start.c:308
    #23 0x500389 in _start (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x500389)

0x6040000d4bff is located 0 bytes to the right of 47-byte region [0x6040000d4bd0,0x6040000d4bff)
allocated by thread T0 here:
    #0 0x5bfd80 in __interceptor_malloc (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x5bfd80)
    #1 0x7fb4b953e9f1 in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xad9f1)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/vista/dev/tdesktop/cmake-build-debug/Telegram/Telegram+0x5992fa) in __interceptor_memcmp.part.282
Shadow bytes around the buggy address:
  0x0c0880012920: fa fa 00 00 00 00 00 07 fa fa 00 00 00 00 00 04
  0x0c0880012930: fa fa 00 00 00 00 00 06 fa fa 00 00 00 00 00 02
  0x0c0880012940: fa fa 00 00 00 00 00 07 fa fa 00 00 00 00 01 fa
  0x0c0880012950: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 04 fa
  0x0c0880012960: fa fa 00 00 00 00 06 fa fa fa 00 00 00 00 00 02
=>0x0c0880012970: fa fa 00 00 00 00 00 03 fa fa 00 00 00 00 00[07]
  0x0c0880012980: fa fa 00 00 00 00 00 03 fa fa 00 00 00 00 07 fa
  0x0c0880012990: fa fa 00 00 00 00 00 06 fa fa 00 00 00 00 00 07
  0x0c08800129a0: fa fa 00 00 00 00 00 05 fa fa 00 00 00 00 07 fa
  0x0c08800129b0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 01
  0x0c08800129c0: fa fa 00 00 00 00 00 03 fa fa 00 00 00 00 00 03
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  OpenType support missing for script 11
  OpenType support missing for script 11

=================================================================

Seemingly each of those is connected to a corresponding error message ("QApplication: invalid style override passed, ignoring it." and "OpenType support missing for script 11").

Randl commented 6 years ago

https://github.com/Randl/tdesktop/commit/db869f4f01ca23a1c98a9b192c27fff30e9a2787 this hotfixes the second one. Note this appears not to be the proper fix. There is some problem with size checks in codegen/lang/generator.cpp; however, the logic is not that easy to understand.
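As an added illustration (not the project's code and not the generated lang_auto.cpp), the memcmp frame in the second report is the signature of a key lookup that compares a fixed number of bytes before checking that the candidate buffer is at least that long. The key table, names and lengths below are constructed for the example; the checked variant shows the ordering of tests that keeps memcmp inside the buffer.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Constructed key table standing in for a generated key list (hypothetical).
struct KeyEntry { const char *name; std::size_t len; int index; };
static const KeyEntry kKeys[] = {
    {"lng_settings",       12, 0},
    {"lng_settings_title", 18, 1},
    {"lng_menu",            8, 2},
};

// Unsafe lookup: memcmp is given the TABLE key's length, so a shorter
// candidate (e.g. a 7-byte sized view with no trailing NUL) is read past
// its end before the length test runs. Under ASan this produces a
// heap-buffer-overflow READ in __interceptor_memcmp like the one reported.
int GetKeyIndexUnchecked(const char *key, std::size_t len) {
    for (const auto &e : kKeys) {
        if (std::memcmp(key, e.name, e.len) == 0 && e.len == len)
            return e.index;
    }
    return -1;
}

// Hardened lookup: the length check comes first and memcmp is bounded by the
// candidate's own length, so it never reads beyond the bytes the caller owns.
int GetKeyIndexChecked(const char *key, std::size_t len) {
    for (const auto &e : kKeys) {
        if (e.len == len && std::memcmp(key, e.name, len) == 0)
            return e.index;
    }
    return -1;
}

// Copies the key into an exact-size heap buffer with no terminator, mirroring
// a sized slice of a larger byte array, then performs the checked lookup.
int LookupExact(const std::string &s) {
    std::vector<char> buf(s.begin(), s.end());
    return GetKeyIndexChecked(buf.data(), buf.size());
}

int main() {
    // Build with -fsanitize=address: the unchecked call reports an
    // out-of-bounds read on this 7-byte heap buffer; the checked call does not.
    std::string s = "lng_set";
    std::vector<char> buf(s.begin(), s.end());
    int unchecked = GetKeyIndexUnchecked(buf.data(), buf.size());
    int checked = GetKeyIndexChecked(buf.data(), buf.size());
    return (unchecked == -1 && checked == -1) ? 0 : 1;
}
```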