diff options
author | Liang Qi <liang.qi@qt.io> | 2020-03-31 12:30:18 +0200 |
---|---|---|
committer | Liang Qi <liang.qi@qt.io> | 2020-03-31 16:24:30 +0200 |
commit | 7ed097b31f7e15812144c360021872cf8f11821e (patch) | |
tree | 0bc0ac535734fb4513728042b090d15eb86aaa33 /src/corelib/serialization/qcborstreamreader.cpp | |
parent | 82a39f12fa50424fe792b4ff7e7764d98ebabe3e (diff) | |
parent | 947e1f45c762cf6d26bc8f241833689c6e636627 (diff) |
Merge "Merge remote-tracking branch 'origin/5.14' into 5.15"v5.15.0-beta3
Diffstat (limited to 'src/corelib/serialization/qcborstreamreader.cpp')
-rw-r--r-- | src/corelib/serialization/qcborstreamreader.cpp | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/src/corelib/serialization/qcborstreamreader.cpp b/src/corelib/serialization/qcborstreamreader.cpp index c983436606..ec385e0629 100644 --- a/src/corelib/serialization/qcborstreamreader.cpp +++ b/src/corelib/serialization/qcborstreamreader.cpp @@ -1,6 +1,6 @@ /**************************************************************************** ** -** Copyright (C) 2018 Intel Corporation. +** Copyright (C) 2020 Intel Corporation. ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtCore module of the Qt Toolkit. @@ -42,6 +42,7 @@ #define CBOR_NO_ENCODER_API #include <private/qcborcommon_p.h> +#include <private/qbytearray_p.h> #include <private/qnumeric_p.h> #include <private/qutfcodec_p.h> #include <qdebug.h> @@ -1055,6 +1056,10 @@ bool QCborStreamReader::next(int maxRecursion) } else if (isString() || isByteArray()) { auto r = _readByteArray_helper(); while (r.status == Ok) { + if (isString() && r.data.size() > MaxStringSize) { + d->handleError(CborErrorDataTooLarge); + break; + } if (isString() && !QUtf8::isValidUtf8(r.data, r.data.size()).isValidUtf8) { d->handleError(CborErrorInvalidUtf8TextString); break; @@ -1337,15 +1342,23 @@ QCborStreamReader::StringResult<QString> QCborStreamReader::_readString_helper() result.status = r.status; if (r.status == Ok) { - QTextCodec::ConverterState cs; - result.data = QUtf8::convertToUnicode(r.data, r.data.size(), &cs); - if (cs.invalidChars == 0 && cs.remainingChars == 0) - return result; + // See QUtf8::convertToUnicode() a detailed explanation of why this + // conversion uses the same number of words or less. + CborError err = CborNoError; + if (r.data.size() > MaxStringSize) { + err = CborErrorDataTooLarge; + } else { + QTextCodec::ConverterState cs; + result.data = QUtf8::convertToUnicode(r.data, r.data.size(), &cs); + if (cs.invalidChars != 0 || cs.remainingChars != 0) + err = CborErrorInvalidUtf8TextString; + } - d->handleError(CborErrorInvalidUtf8TextString); - result.data.clear(); - result.status = Error; - return result; + if (err) { + d->handleError(err); + result.data.clear(); + result.status = Error; + } } return result; } @@ -1373,6 +1386,10 @@ QCborStreamReader::StringResult<QByteArray> QCborStreamReader::_readByteArray_he qsizetype len = _currentStringChunkSize(); if (len < 0) return result; + if (len > MaxByteArraySize) { + d->handleError(CborErrorDataTooLarge); + return result; + } result.data.resize(len); auto r = readStringChunk(result.data.data(), len); |