diff options
| author | Ulf Hermann <ulf.hermann@qt.io> | 2018-06-06 14:50:55 +0200 |
|---|---|---|
| committer | Ulf Hermann <ulf.hermann@qt.io> | 2018-06-19 10:29:29 +0000 |
| commit | 36d5d3acc1a6bd408b8f0f60c750771b1503e378 (patch) | |
| tree | 6f5e9222be7032ee2773b4352bed56c7f413c523 /src/libs | |
| parent | 909f30f006bb5d34ad09ed823c128e417f3bbc16 (diff) | |
QmlDebug/QmlProfiler: Fix integer range checks
The packet protocol should check if the number of bytes to be read is
positive.
The check in QmlTypedEvent is supposed to happen before we cast the
number to the more restrictive type. Furthermore, if subtype doesn't
fit the range constraint, we don't have to do anything at all as the
default rangeType is already set before.
Change-Id: I45006f8dd752787d59960948b222148d78509aba
Reviewed-by: Tobias Hunger <tobias.hunger@qt.io>
Diffstat (limited to 'src/libs')
| -rw-r--r-- | src/libs/qmldebug/qpacketprotocol.cpp | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/src/libs/qmldebug/qpacketprotocol.cpp b/src/libs/qmldebug/qpacketprotocol.cpp index 9364ffbbbf..76b641a6a5 100644 --- a/src/libs/qmldebug/qpacketprotocol.cpp +++ b/src/libs/qmldebug/qpacketprotocol.cpp @@ -29,8 +29,6 @@ namespace QmlDebug { -static const unsigned int MAX_PACKET_SIZE = 0x7FFFFFFF; - /*! \class QPacketProtocol \internal @@ -98,8 +96,7 @@ class QPacketProtocolPrivate : public QObject public: QPacketProtocolPrivate(QPacketProtocol *parent, QIODevice *_dev) - : QObject(parent), inProgressSize(-1), maxPacketSize(MAX_PACKET_SIZE), - waitingForPacket(false), dev(_dev) + : QObject(parent), inProgressSize(-1), waitingForPacket(false), dev(_dev) { Q_ASSERT(4 == sizeof(qint32)); @@ -152,12 +149,12 @@ public: return; // Read size header - int read = dev->read((char *)&inProgressSize, sizeof(qint32)); + const qint64 read = dev->read((char *)&inProgressSize, sizeof(qint32)); Q_ASSERT(read == sizeof(qint32)); Q_UNUSED(read); // Check sizing constraints - if (inProgressSize > maxPacketSize) { + if (inProgressSize < qint32(sizeof(qint32))) { QObject::disconnect(dev, &QIODevice::readyRead, this, &QPacketProtocolPrivate::readyToRead); QObject::disconnect(dev, &QIODevice::aboutToClose, @@ -191,7 +188,6 @@ public: QList<QByteArray> packets; QByteArray inProgress; qint32 inProgressSize; - qint32 maxPacketSize; bool waitingForPacket; QIODevice *dev; }; |