QPlugin: pass the direct header to qJsonFromRawLibraryMetaData()

This is done in preparation for storing the metadata without the magic string in static plugins and in ELF notes. Change-Id: I3eb1bd30e0124f89a052fffd16a820454dd56d3e Reviewed-by: Lars Knoll <lars.knoll@qt.io>
author: Thiago Macieira <thiago.macieira@intel.com> 2021-09-25 10:19:06 -0700
committer: Thiago Macieira <thiago.macieira@intel.com> 2021-10-04 21:51:50 -0700
commit: 2549a88ba2a48fa2bedce97dd71a2974c6f8840a (patch)
tree: 1d400ebbdad3562bd6bb7bd86ab48f2dc7dba666 /src/corelib/plugin
parent: b07345504c7a5537bb09b1d5763ca192eaeaf067 (diff)
5 files changed, 23 insertions, 7 deletions
diff --git a/src/corelib/plugin/qelfparser_p.cpp b/src/corelib/plugin/qelfparser_p.cpp
index c9b49c1570..0f30e8b20a 100644
--- a/src/corelib/plugin/qelfparser_p.cpp
+++ b/src/corelib/plugin/qelfparser_p.cpp
@@ -210,6 +210,13 @@ QLibraryScanResult QElfParser::parse(const char *dataStart, ulong fdlen, QString
                         .arg(*errMsg, QLibrary::tr("missing section data. This is not a library."));
                 return {};
             }
+            if (sh.size < sizeof(QPluginMetaData::MagicHeader)) {
+                *errMsg = QLibrary::tr("'%1' is an invalid ELF object (%2)")
+                        .arg(*errMsg, QLibrary::tr("section .qtmetadata is too small"));
+                return {};
+            }
+            sh.offset += sizeof(QPluginMetaData::MagicString);
+            sh.size -= sizeof(QPluginMetaData::MagicString);
             return { qsizetype(sh.offset), qsizetype(sh.size) };
         }
         s += e_shentsize;
diff --git a/src/corelib/plugin/qfactoryloader.cpp b/src/corelib/plugin/qfactoryloader.cpp
index 1a27559fd0..02c9cafbed 100644
--- a/src/corelib/plugin/qfactoryloader.cpp
+++ b/src/corelib/plugin/qfactoryloader.cpp
@@ -66,10 +66,6 @@ QT_BEGIN_NAMESPACE
 
 QJsonDocument qJsonFromRawLibraryMetaData(const char *raw, qsizetype size, QString *errMsg)
 {
-    Q_ASSERT(size >= qsizetype(sizeof(QPluginMetaData::MagicString)));
-    raw += sizeof(QPluginMetaData::MagicString);
-    size -= sizeof(QPluginMetaData::MagicString);
-
     // extract the keys not stored in CBOR
     QPluginMetaData::Header header;
     Q_ASSERT(size >= qsizetype(sizeof(header)));
diff --git a/src/corelib/plugin/qlibrary.cpp b/src/corelib/plugin/qlibrary.cpp
index f83a9483f4..1df6dfeb08 100644
--- a/src/corelib/plugin/qlibrary.cpp
+++ b/src/corelib/plugin/qlibrary.cpp
@@ -205,6 +205,7 @@ static QLibraryScanResult qt_find_pattern(const char *s, qsizetype s_len, QStrin
         *errMsg = QLibrary::tr("'%1' is not a Qt plugin").arg(*errMsg);
         return QLibraryScanResult{};
     }
+    i += sizeof(QPluginMetaData::MagicString);
     return { i, s_len - i };
 }
 
@@ -686,7 +687,13 @@ static bool qt_get_metadata(QLibraryPrivate *priv, QString *errMsg)
         return error(QLibrary::tr("entrypoint 'qt_plugin_query_metadata' not found"));
 
     auto metaData = reinterpret_cast<QPluginMetaData (*)()>(pfn)();
-    QJsonDocument doc = qJsonFromRawLibraryMetaData(reinterpret_cast<const char *>(metaData.data), metaData.size, errMsg);
+    auto data = reinterpret_cast<const char *>(metaData.data);
+    if (metaData.size < sizeof(QPluginMetaData::MagicHeader))
+        return error(QLibrary::tr("metadata too small"));
+
+    data += sizeof(QPluginMetaData::MagicString);
+    metaData.size -= sizeof(QPluginMetaData::MagicString);
+    QJsonDocument doc = qJsonFromRawLibraryMetaData(data, metaData.size, errMsg);
     if (doc.isNull())
         return false;           // error message already set
 
diff --git a/src/corelib/plugin/qmachparser.cpp b/src/corelib/plugin/qmachparser.cpp
index 88462b97b2..82dc4bf1c2 100644
--- a/src/corelib/plugin/qmachparser.cpp
+++ b/src/corelib/plugin/qmachparser.cpp
@@ -194,8 +194,12 @@ QLibraryScanResult  QMachOParser::parse(const char *m_s, ulong fdlen, QString *e
                         || Q_UNLIKELY(fdlen < sect[j].offset + sect[j].size))
                     return notfound(QString(), errorString);
 
+                if (sect[j].size < sizeof(QPluginMetaData::MagicHeader))
+                    return notfound(QLibrary::tr("section .qtmetadata is too small"), errorString);
+
                 qsizetype pos = reinterpret_cast<const char *>(header) - m_s + sect[j].offset;
-                return { pos, qsizetype(sect[j].size) };
+                pos += sizeof(QPluginMetaData::MagicString);
+                return { pos, qsizetype(sect[j].size - sizeof(QPluginMetaData::MagicString)) };
             }
         }
 
diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp
index 9afdf0e537..e0cd8e7c45 100644
--- a/src/corelib/plugin/qpluginloader.cpp
+++ b/src/corelib/plugin/qpluginloader.cpp
@@ -477,10 +477,12 @@ QList<QStaticPlugin> QPluginLoader::staticPlugins()
 */
 QJsonObject QStaticPlugin::metaData() const
 {
+    Q_ASSERT(rawMetaDataSize >= qsizetype(sizeof(QPluginMetaData::MagicHeader)));
     auto ptr = static_cast<const char *>(rawMetaData);
+    ptr += sizeof(QPluginMetaData::MagicString);
 
     QString errMsg;
-    QJsonDocument doc = qJsonFromRawLibraryMetaData(ptr, rawMetaDataSize, &errMsg);
+    QJsonDocument doc = qJsonFromRawLibraryMetaData(ptr, rawMetaDataSize - sizeof(QPluginMetaData::MagicString), &errMsg);
     Q_ASSERT(doc.isObject());
     Q_ASSERT(errMsg.isEmpty());
     return doc.object();
author	Thiago Macieira <thiago.macieira@intel.com>	2021-09-25 10:19:06 -0700
committer	Thiago Macieira <thiago.macieira@intel.com>	2021-10-04 21:51:50 -0700
commit	2549a88ba2a48fa2bedce97dd71a2974c6f8840a (patch)
tree	1d400ebbdad3562bd6bb7bd86ab48f2dc7dba666 /src/corelib/plugin
parent	b07345504c7a5537bb09b1d5763ca192eaeaf067 (diff)