Fix crashes when creating large documents

Compact an object in regular intervals when inserting data into it, to avoid the object becoming huge. Compact an object/array before inserting into another array or object. Check that the document doesn't get so big it's overflowing the internal data structures. Task-number: QTBUG-29288 Change-Id: Id39d80dac1e7d5a11f40819f41b4b336bce16947 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
author: Lars Knoll <lars.knoll@digia.com> 2013-02-15 10:44:54 +0100
committer: The Qt Project <gerrit-noreply@qt-project.org> 2013-05-09 10:20:21 +0200
commit: e1d3687d64a19d27448b3f8247505daa99261ea1 (patch)
tree: 3792e67b42c833a4a8765f952d4d3f2a2fb4fa63 /src/corelib/json/qjsonarray.cpp
parent: 9cc106d9d7d951fcf30f4b0f8606afa6b50892ec (diff)
1 files changed, 16 insertions, 8 deletions
diff --git a/src/corelib/json/qjsonarray.cpp b/src/corelib/json/qjsonarray.cpp
index 5f1c38a752..fb8d2e83ff 100644
--- a/src/corelib/json/qjsonarray.cpp
+++ b/src/corelib/json/qjsonarray.cpp
@@ -391,9 +391,10 @@ QJsonValue QJsonArray::takeAt(int i)
 void QJsonArray::insert(int i, const QJsonValue &value)
 {
     Q_ASSERT (i >= 0 && i <= (a ? (int)a->length : 0));
+    QJsonValue val = value;
 
     bool compressed;
-    int valueSize = QJsonPrivate::Value::requiredStorage(value, &compressed);
+    int valueSize = QJsonPrivate::Value::requiredStorage(val, &compressed);
 
     detach(valueSize + sizeof(QJsonPrivate::Value));
 
@@ -401,13 +402,16 @@ void QJsonArray::insert(int i, const QJsonValue &value)
         a->tableOffset = sizeof(QJsonPrivate::Array);
 
     int valueOffset = a->reserveSpace(valueSize, i, 1, false);
+    if (!valueOffset)
+        return;
+
     QJsonPrivate::Value &v = (*a)[i];
-    v.type = (value.t == QJsonValue::Undefined ? QJsonValue::Null : value.t);
+    v.type = (val.t == QJsonValue::Undefined ? QJsonValue::Null : val.t);
     v.latinOrIntValue = compressed;
     v.latinKey = false;
-    v.value = QJsonPrivate::Value::valueToStore(value, valueOffset);
+    v.value = QJsonPrivate::Value::valueToStore(val, valueOffset);
     if (valueSize)
-        QJsonPrivate::Value::copyData(value, (char *)a + valueOffset, compressed);
+        QJsonPrivate::Value::copyData(val, (char *)a + valueOffset, compressed);
 }
 
 /*!
@@ -437,9 +441,10 @@ void QJsonArray::insert(int i, const QJsonValue &value)
 void QJsonArray::replace(int i, const QJsonValue &value)
 {
     Q_ASSERT (a && i >= 0 && i < (int)(a->length));
+    QJsonValue val = value;
 
     bool compressed;
-    int valueSize = QJsonPrivate::Value::requiredStorage(value, &compressed);
+    int valueSize = QJsonPrivate::Value::requiredStorage(val, &compressed);
 
     detach(valueSize);
 
@@ -447,13 +452,16 @@ void QJsonArray::replace(int i, const QJsonValue &value)
         a->tableOffset = sizeof(QJsonPrivate::Array);
 
     int valueOffset = a->reserveSpace(valueSize, i, 1, true);
+    if (!valueOffset)
+        return;
+
     QJsonPrivate::Value &v = (*a)[i];
-    v.type = (value.t == QJsonValue::Undefined ? QJsonValue::Null : value.t);
+    v.type = (val.t == QJsonValue::Undefined ? QJsonValue::Null : val.t);
     v.latinOrIntValue = compressed;
     v.latinKey = false;
-    v.value = QJsonPrivate::Value::valueToStore(value, valueOffset);
+    v.value = QJsonPrivate::Value::valueToStore(val, valueOffset);
     if (valueSize)
-        QJsonPrivate::Value::copyData(value, (char *)a + valueOffset, compressed);
+        QJsonPrivate::Value::copyData(val, (char *)a + valueOffset, compressed);
 
     ++d->compactionCounter;
     if (d->compactionCounter > 32u && d->compactionCounter >= unsigned(a->length) / 2u)
author	Lars Knoll <lars.knoll@digia.com>	2013-02-15 10:44:54 +0100
committer	The Qt Project <gerrit-noreply@qt-project.org>	2013-05-09 10:20:21 +0200
commit	e1d3687d64a19d27448b3f8247505daa99261ea1 (patch)
tree	3792e67b42c833a4a8765f952d4d3f2a2fb4fa63 /src/corelib/json/qjsonarray.cpp
parent	9cc106d9d7d951fcf30f4b0f8606afa6b50892ec (diff)