authorDenis Dzyubenko <denis.dzyubenko@nokia.com>2012-03-29 14:56:52 +0200
committerQt by Nokia <qt-info@nokia.com>2012-03-29 16:08:40 +0200
commitaeb1824a84e61e75ac053abc7ba46c565e4abc7c (patch)
tree5c361b414473f4b4778ca54aa682865d4cf60a57 /src/corelib/json/qjsondocument.cpp
parent698b33fccebbd1cb4094fdf8dc681108824530f5 (diff)
Validate size of the input in QJsonDocument::fromBinaryData
Change-Id: Ifc1d11b4dfbbe782d4e153118059c9affb833fa4 Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
Diffstat (limited to 'src/corelib/json/qjsondocument.cpp')
-rw-r--r--src/corelib/json/qjsondocument.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/corelib/json/qjsondocument.cpp b/src/corelib/json/qjsondocument.cpp
index c2204bf696..8fa2cef94e 100644
--- a/src/corelib/json/qjsondocument.cpp
+++ b/src/corelib/json/qjsondocument.cpp
@@ -224,14 +224,16 @@ const char *QJsonDocument::rawData(int *size) const
*/
QJsonDocument QJsonDocument::fromBinaryData(const QByteArray &data, DataValidation validation)
{
+ if (data.size() < (int)(sizeof(QJsonPrivate::Header) + sizeof(QJsonPrivate::Base)))
+ return QJsonDocument();
+
QJsonPrivate::Header h;
memcpy(&h, data.constData(), sizeof(QJsonPrivate::Header));
QJsonPrivate::Base root;
memcpy(&root, data.constData() + sizeof(QJsonPrivate::Header), sizeof(QJsonPrivate::Base));
// do basic checks here, so we don't try to allocate more memory than we can.
- if (data.size() < (int)(sizeof(QJsonPrivate::Header) + sizeof(QJsonPrivate::Base)) ||
- h.tag != QJsonDocument::BinaryFormatTag || h.version != 1u ||
+ if (h.tag != QJsonDocument::BinaryFormatTag || h.version != 1u ||
sizeof(QJsonPrivate::Header) + root.size > (uint)data.size())
return QJsonDocument();