diff options
| author | Sami Rosendahl <ext-sami.1.rosendahl@nokia.com> | 2011-12-05 13:06:40 +0200 |
|---|---|---|
| committer | Qt by Nokia <qt-info@nokia.com> | 2011-12-25 21:58:57 +0100 |
| commit | b4398dc4e372dbe829b21423e1a0a93a6a542994 (patch) | |
| tree | 9473bae08a2b2edcdccd5be3a6654f6424319235 /src/dbus | |
| parent | 8f19f142745f3cb0690dcd51cebc66153e396805 (diff) | |
Fix crash in QDBusDemarshaller QStringList extraction
QDBusArgument QStringList extraction operator and QDBusDemarshaller that
implements the extraction do not check the type of the extracted value.
When extracting a QStringList and the value actually is e.g. an array of
bytes the string list extraction will crash as it interprets the bytes as
char pointers.
The fix adds DBus type checks to QDBusArgument QStringList extraction
operator implementations.
The checks are as permissive as possible provided crashes are avoided.
Task-number: QTBUG-22840
Change-Id: I4b67d75b59c5052d939f3a69f3e92dabdb3bdd6b
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/dbus')
| -rw-r--r-- | src/dbus/qdbusargument_p.h | 1 | ||||
| -rw-r--r-- | src/dbus/qdbusdemarshaller.cpp | 13 |
2 files changed, 12 insertions, 2 deletions
diff --git a/src/dbus/qdbusargument_p.h b/src/dbus/qdbusargument_p.h index 3ecb798f31..df2b2a011b 100644 --- a/src/dbus/qdbusargument_p.h +++ b/src/dbus/qdbusargument_p.h @@ -212,6 +212,7 @@ private: QString toStringUnchecked(); QDBusObjectPath toObjectPathUnchecked(); QDBusSignature toSignatureUnchecked(); + QStringList toStringListUnchecked(); }; inline QDBusMarshaller *QDBusArgumentPrivate::marshaller() diff --git a/src/dbus/qdbusdemarshaller.cpp b/src/dbus/qdbusdemarshaller.cpp index 0b6767f2a0..b7e363a8d2 100644 --- a/src/dbus/qdbusdemarshaller.cpp +++ b/src/dbus/qdbusdemarshaller.cpp @@ -274,7 +274,7 @@ QVariant QDBusDemarshaller::toVariantInternal() // QByteArray return toByteArray(); case DBUS_TYPE_STRING: - return toStringList(); + return toStringListUnchecked(); case DBUS_TYPE_DICT_ENTRY: return QVariant::fromValue(duplicate()); @@ -317,7 +317,7 @@ bool QDBusDemarshaller::isCurrentTypeStringLike() } } -QStringList QDBusDemarshaller::toStringList() +QStringList QDBusDemarshaller::toStringListUnchecked() { QStringList list; @@ -330,6 +330,15 @@ QStringList QDBusDemarshaller::toStringList() return list; } +QStringList QDBusDemarshaller::toStringList() +{ + if (q_dbus_message_iter_get_arg_type(&iterator) == DBUS_TYPE_ARRAY + && q_dbus_message_iter_get_element_type(&iterator) == DBUS_TYPE_STRING) + return toStringListUnchecked(); + else + return QStringList(); +} + QByteArray QDBusDemarshaller::toByteArray() { DBusMessageIter sub; |