authorLars Knoll <lars.knoll@qt.io>2019-11-15 12:28:56 +0100
committerLars Knoll <lars.knoll@qt.io>2019-12-08 10:30:10 +0100
commit3d9bae304cb1fa8f5f6f8854141fc8ecca92a333 (patch)
tree7251ef9237571076adc1a3203ccb9766ad0b1db2 /src/corelib/serialization
parent37e054993b763c022ab5f4a4d34e92ddffba34f5 (diff)
Fix potential out of bounds write in the JSON writer
If a small string (1 or 2 chars) would require a JSON escape sequence when writing out the string, the code could write out of bounds of the byte array. Fix that by always allocating at least 16 bytes of space. Change-Id: I4d023e7ed837b25b0a5dcf6cfaaf94aa55695b9f Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/serialization')
-rw-r--r--src/corelib/serialization/qjsonwriter.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/corelib/serialization/qjsonwriter.cpp b/src/corelib/serialization/qjsonwriter.cpp
index 31fb16c112..590b59f09c 100644
--- a/src/corelib/serialization/qjsonwriter.cpp
+++ b/src/corelib/serialization/qjsonwriter.cpp
@@ -60,7 +60,8 @@ static inline uchar hexdig(uint u)
static QByteArray escapedString(const QString &s)
{
- QByteArray ba(s.length(), Qt::Uninitialized);
+ // give it a minimum size to ensure the resize() below always adds enough space
+ QByteArray ba(qMax(s.length(), 16), Qt::Uninitialized);
uchar *cursor = reinterpret_cast<uchar *>(const_cast<char *>(ba.constData()));
const uchar *ba_end = cursor + ba.length();
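Review bot: The `16` in the added `QByteArray ba(qMax(s.length(), 16), Qt::Uninitialized);` is a magic number, and its safety depends on the growth check and `resize()` further down in `escapedString`, which lie outside this hunk. The new comment says the resize must add "enough space" without saying how much that is; I would spell out the invariant, for example `// minimum size: the doubling resize() below must leave room for the longest escape sequence written per input character`. Going by the commit message, the overflow came from doubling a 1- or 2-byte buffer, so the fix only holds while this minimum and the headroom test in the loop stay in sync; a `Q_ASSERT` after that resize that the remaining space covers one worst-case write would catch drift in debug builds. The diffstat on this page is limited to src/corelib/serialization, so I cannot tell whether a regression test for one- and two-character strings that need escaping accompanies the change; if there is none, it is worth adding.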