diff options
| author | Thiago Macieira <thiago.macieira@intel.com> | 2020-04-15 15:16:06 -0300 |
|---|---|---|
| committer | Thiago Macieira <thiago.macieira@intel.com> | 2020-04-30 08:01:28 -0300 |
| commit | 821e71fded090d815b5cd396057ac9823874fe1f (patch) | |
| tree | d9812705ca88fa4b78aae6e69e76e5348af9f75c | |
| parent | 8366c06d46f63b12b88abaddb0ff7a6b6dda75a4 (diff) | |
QCborValue: check parsing of invalid URL
QUrl will reject invalid URLs for us, so we don't get normalization. The
original junk should be retrievable, of course.
Change-Id: Ibdc95e9af7bd456a94ecfffd160610f5b2c8e1a2
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
| -rw-r--r-- | src/corelib/serialization/qcborvalue.cpp | 8 | ||||
| -rw-r--r-- | tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp | 8 |
2 files changed, 13 insertions, 3 deletions
diff --git a/src/corelib/serialization/qcborvalue.cpp b/src/corelib/serialization/qcborvalue.cpp index 30bfa367ed..3bca15d562 100644 --- a/src/corelib/serialization/qcborvalue.cpp +++ b/src/corelib/serialization/qcborvalue.cpp @@ -827,9 +827,11 @@ static QCborValue::Type convertToExtendedType(QCborContainerPrivate *d) // normalize to a short (decoded) form, so as to save space QUrl url(e.flags & Element::StringIsUtf16 ? b->asQStringRaw() : - b->toUtf8String()); - QByteArray encoded = url.toString(QUrl::DecodeReserved).toUtf8(); - replaceByteData(encoded, encoded.size(), {}); + b->toUtf8String(), QUrl::StrictMode); + if (url.isValid()) { + QByteArray encoded = url.toString(QUrl::DecodeReserved).toUtf8(); + replaceByteData(encoded, encoded.size(), {}); + } } return QCborValue::Url; } diff --git a/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp b/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp index e8acd29bbc..9c1341e252 100644 --- a/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp +++ b/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp @@ -2053,6 +2053,14 @@ void tst_QCborValue::extendedTypeValidation_data() qSwap(c, dt[i]); } } + + // Improperly-encoded URLs + { + const char badurl[] = "%zz"; + QTest::newRow("Url:Invalid") + << encode(0xd8, int(QCborKnownTags::Url), 0x60 + int(strlen(badurl)), badurl) + << QCborValue(QCborKnownTags::Url, QLatin1String(badurl)); + } } void tst_QCborValue::extendedTypeValidation() |