author Denis Dzyubenko <denis.dzyubenko@nokia.com> 2012-01-11 15:13:30 +0100
committer Denis Dzyubenko <denis.dzyubenko@nokia.com> 2012-01-11 18:15:02 +0100
commit 163726cf946bcf519bf17ab747c04363e056041e (patch)
tree 3d46390882dbfeb4c41dc7fe2503bbba701c4332 /src
parent 763d19bd197e9c74f9b7775f22abf73b7786eeef (diff)

Fixed object validation in a boundary case

When a latin1 string is stored that has only 2 characters or fewer, the size of the data is 2+2 (2 bytes for the string length and 2 bytes for the content), so it is quite possible that the table is located right after the data. It should be safe to check offset+sizeof(uint) > tableOffset even for shorter strings because values and the table are always aligned, hence even for an empty string, it will take 4 bytes.

Change-Id: I859ae0be46ebab38feeaa6aa22fbc31f2f95d443
Sanity-Review: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>

Diffstat (limited to 'src')
-rw-r--r-- src/qjson.cpp 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qjson.cpp b/src/qjson.cpp
index 5936949..41d0144 100644
--- a/src/qjson.cpp
+++ b/src/qjson.cpp
@@ -270,7 +270,7 @@ bool Value::isValid(const Base *b) const
if (!offset)
return true;
- if (offset + sizeof(uint) >= b->tableOffset)
+ if (offset + sizeof(uint) > b->tableOffset)
return false;
int s = usedStorage(b);
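
Review bot: The relaxed bound at `if (offset + sizeof(uint) > b->tableOffset)` is only safe because of the alignment invariant described in the commit message (values and the table are aligned, so even an empty string occupies 4 bytes), and nothing in the code records that. A short comment above the check stating the invariant would keep a later reader from "tightening" it back to `>=`. With `>`, a value whose first `sizeof(uint)` bytes end exactly at `tableOffset` is now accepted, so rejecting a value whose real size runs into the table rests entirely on the check that follows `int s = usedStorage(b);`, which is outside this hunk and worth confirming. The diffstat shows only src/qjson.cpp changed; a regression test that validates a document whose last value is a latin1 string of 2 characters or fewer, placed directly before the table, would pin the boundary case down.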