author | Lars Knoll <lars.knoll@qt.io> | 2019-11-15 12:28:56 +0100 |
---|---|---|
committer | Lars Knoll <lars.knoll@qt.io> | 2019-12-08 10:30:10 +0100 |
commit | 3d9bae304cb1fa8f5f6f8854141fc8ecca92a333 (patch) | |
tree | 7251ef9237571076adc1a3203ccb9766ad0b1db2 /src/corelib/serialization | |
parent | 37e054993b763c022ab5f4a4d34e92ddffba34f5 (diff) |
Fix potential out of bounds write in the JSON writer
If a small string (1 or 2 chars) would require a JSON escape sequence
when writing out the string, the code could write out of bounds of the
byte array. Fix that by always allocating at least 16 bytes of space.
Change-Id: I4d023e7ed837b25b0a5dcf6cfaaf94aa55695b9f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/serialization')
-rw-r--r-- | src/corelib/serialization/qjsonwriter.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/corelib/serialization/qjsonwriter.cpp b/src/corelib/serialization/qjsonwriter.cpp
index 31fb16c112..590b59f09c 100644
--- a/src/corelib/serialization/qjsonwriter.cpp
+++ b/src/corelib/serialization/qjsonwriter.cpp
@@ -60,7 +60,8 @@ static inline uchar hexdig(uint u)
 static QByteArray escapedString(const QString &s)
 {
- QByteArray ba(s.length(), Qt::Uninitialized);
+ // give it a minimum size to ensure the resize() below always adds enough space
+ QByteArray ba(qMax(s.length(), 16), Qt::Uninitialized);
 uchar *cursor = reinterpret_cast<uchar *>(const_cast<char *>(ba.constData()));
 const uchar *ba_end = cursor + ba.length(); |
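Review bot: The literal `16` in `QByteArray ba(qMax(s.length(), 16), Qt::Uninitialized);` is what now keeps the writer inside the buffer, yet nothing ties it to the headroom the write loop demands before emitting a character; that loop and its `resize()` lie outside this hunk, so the relationship can only be inferred from the new comment. If the headroom check or the growth policy there is ever changed, the minimum can silently become too small again and the out-of-bounds write returns. I would name the value and state the invariant next to it, e.g. `// must be large enough that one resize() leaves room for a worst-case escape such as \uXXXX (6 bytes)`, and consider a `Q_ASSERT` after the resize that the required headroom is actually available. The diffstat shown here (limited to src/corelib/serialization) has no test; a regression case that serialises one- and two-character strings needing escapes, ideally run under a memory sanitizer, would pin the fix.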