Avoid size overflows when inserting into very large JSON objects

QJson has a size limitation for arrays and objects. Make sure we don't go over that size limit and create corrupt objects when inserting data. Change-Id: I45be3caefc282d8041f38acd120b985ed4389b8c Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com> Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
author: Lars Knoll <lars.knoll@theqtcompany.com> 2015-03-18 08:49:39 +0100
committer: Simon Hausmann <simon.hausmann@theqtcompany.com> 2016-02-18 07:38:28 +0000
commit: 03f1a69e9cffe919597373471f7609521a465470 (patch)
tree: 83953ccc59c058dfa66b44e32f51dac5ade9c953 /src/corelib/json/qjson_p.h
parent: 6342fb2c3ec516eb5f0fcbd883a65e61acc802de (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/corelib/json/qjson_p.h b/src/corelib/json/qjson_p.h
index 7f5a2d88a1..1767b3e9e6 100644
--- a/src/corelib/json/qjson_p.h
+++ b/src/corelib/json/qjson_p.h
@@ -788,7 +788,11 @@ public:
         if (reserve) {
             if (reserve < 128)
                 reserve = 128;
-            size = qMax(size + reserve, size *2);
+            size = qMax(size + reserve, qMin(size *2, (int)Value::MaxSize));
+            if (size > Value::MaxSize) {
+                qWarning("QJson: Document too large to store in data structure");
+                return 0;
+            }
         }
         char *raw = (char *)malloc(size);
         Q_CHECK_PTR(raw);
author	Lars Knoll <lars.knoll@theqtcompany.com>	2015-03-18 08:49:39 +0100
committer	Simon Hausmann <simon.hausmann@theqtcompany.com>	2016-02-18 07:38:28 +0000
commit	03f1a69e9cffe919597373471f7609521a465470 (patch)
tree	83953ccc59c058dfa66b44e32f51dac5ade9c953 /src/corelib/json/qjson_p.h
parent	6342fb2c3ec516eb5f0fcbd883a65e61acc802de (diff)