QUrl: fix parsing of empty IPv6 addresses

There's an assertion. Found by Google fuzz scan of CBOR data. Pick-to: 6.0 5.15 Change-Id: I55083c2909f64a1f8868fffd164f1ff3af71605b Reviewed-by: David Faure <david.faure@kdab.com>
author: Thiago Macieira <thiago.macieira@intel.com> 2020-12-09 10:32:03 -0800
committer: Thiago Macieira <thiago.macieira@intel.com> 2020-12-09 12:40:31 -0800
commit: 4a1091f489ac3fee9efd81b0f1ffca4275725610 (patch)
tree: 82ff75f0961dedbbea0b24ef2c3201dd7fb4f76c /src/corelib/io/qurl.cpp
parent: 2bed336599dddd7e7c3cef73107c5ca3e6d6ab27 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/corelib/io/qurl.cpp b/src/corelib/io/qurl.cpp
index b019fe65a9..ba16be7424 100644
--- a/src/corelib/io/qurl.cpp
+++ b/src/corelib/io/qurl.cpp
@@ -1261,10 +1261,16 @@ static const QChar *parseIp6(QString &host, const QChar *begin, const QChar *end
         zoneId = decoded.mid(zoneIdPosition + zoneIdIdentifier.size());
         endBeforeZoneId = decoded.constBegin() + zoneIdPosition;
 
+        // was there anything after the zone ID separator?
         if (zoneId.isEmpty())
             return end;
     }
 
+    // did the address become empty after removing the zone ID?
+    // (it might have always been empty)
+    if (decoded.constBegin() == endBeforeZoneId)
+        return end;
+
     const QChar *ret = QIPAddressUtils::parseIp6(address, decoded.constBegin(), endBeforeZoneId);
     if (ret)
         return begin + (ret - decoded.constBegin());
author	Thiago Macieira <thiago.macieira@intel.com>	2020-12-09 10:32:03 -0800
committer	Thiago Macieira <thiago.macieira@intel.com>	2020-12-09 12:40:31 -0800
commit	4a1091f489ac3fee9efd81b0f1ffca4275725610 (patch)
tree	82ff75f0961dedbbea0b24ef2c3201dd7fb4f76c /src/corelib/io/qurl.cpp
parent	2bed336599dddd7e7c3cef73107c5ca3e6d6ab27 (diff)