diff options
author | Liang Qi <liang.qi@qt.io> | 2016-11-15 09:51:41 +0100 |
---|---|---|
committer | Liang Qi <liang.qi@qt.io> | 2016-11-15 09:58:16 +0100 |
commit | 9808b53fde1dfc65ad3757cc6720e430c3cc89a2 (patch) | |
tree | a0517ae1e290e7bbdb118c9f01f4e6e5d744998c /src/corelib/json/qjson.cpp | |
parent | c214379156e4c75dcfe59cf73d69b912f4293303 (diff) | |
parent | 246fe271878dbe586b5f3222a78d67dfecd1ca83 (diff) |
Merge remote-tracking branch 'origin/5.6' into 5.7
Conflicts:
configure
src/plugins/platforms/eglfs/qeglfsintegration.cpp
src/plugins/platforms/linuxfb/qlinuxfbintegration.cpp
Change-Id: Id2da7c775439adb62646d5b741ee7c638042b34b
Diffstat (limited to 'src/corelib/json/qjson.cpp')
-rw-r--r-- | src/corelib/json/qjson.cpp | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/src/corelib/json/qjson.cpp b/src/corelib/json/qjson.cpp index 4b98ef076c..5286c4cc8e 100644 --- a/src/corelib/json/qjson.cpp +++ b/src/corelib/json/qjson.cpp @@ -135,10 +135,12 @@ bool Data::valid() const return false; bool res = false; - if (header->root()->is_object) - res = static_cast<Object *>(header->root())->isValid(); + Base *root = header->root(); + int maxSize = alloc - sizeof(Header); + if (root->is_object) + res = static_cast<Object *>(root)->isValid(maxSize); else - res = static_cast<Array *>(header->root())->isValid(); + res = static_cast<Array *>(root)->isValid(maxSize); return res; } @@ -223,9 +225,9 @@ int Object::indexOf(QLatin1String key, bool *exists) const return min; } -bool Object::isValid() const +bool Object::isValid(int maxSize) const { - if (tableOffset + length*sizeof(offset) > size) + if (size > (uint)maxSize || tableOffset + length*sizeof(offset) > size) return false; QString lastKey; @@ -234,8 +236,7 @@ bool Object::isValid() const if (entryOffset + sizeof(Entry) >= tableOffset) return false; Entry *e = entryAt(i); - int s = e->size(); - if (table()[i] + s > tableOffset) + if (!e->isValid(tableOffset - table()[i])) return false; QString key = e->key(); if (key < lastKey) @@ -249,9 +250,9 @@ bool Object::isValid() const -bool Array::isValid() const +bool Array::isValid(int maxSize) const { - if (tableOffset + length*sizeof(offset) > size) + if (size > (uint)maxSize || tableOffset + length*sizeof(offset) > size) return false; for (uint i = 0; i < length; ++i) { @@ -359,12 +360,12 @@ bool Value::isValid(const Base *b) const int s = usedStorage(b); if (!s) return true; - if (s < 0 || offset + s > (int)b->tableOffset) + if (s < 0 || s > (int)b->tableOffset - offset) return false; if (type == QJsonValue::Array) - return static_cast<Array *>(base(b))->isValid(); + return static_cast<Array *>(base(b))->isValid(s); if (type == QJsonValue::Object) - return static_cast<Object *>(base(b))->isValid(); + return static_cast<Object *>(base(b))->isValid(s); return true; } |