diff options
author | Axel Spoerl <axel.spoerl@qt.io> | 2022-08-05 08:33:56 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2022-08-24 17:11:23 +0000 |
commit | 3638a46b67df366bda6a2f8c1c10f716a6fdc5eb (patch) | |
tree | 832bac38995822c975e332c406100ef2b537c418 /src | |
parent | 4e656d61421a5a36cfda232980e58aaf3a8937ce (diff) |
Make QHeaderView restore state from different stream versions
If restoring a QHeaderView state from a data stream with version Qt_5_0,
check alignment and resize mode properites for out-of-bound values.
If out of bounds, try QDataStream version Qt_6_0, which is used by KDE
apps compiled with 5.15.2 or 6.2.3.
QFileDialog stores settings in the same settings file across different
Qt versions, using different QDataStream versions. That makes
QFileDialog vulnerable to the issue (QTBUG-104962). A respective auto
test is added with this patch.
Fixes: QTBUG-104962
Task-number: QTBUG-104425
Change-Id: I666207fca7ab837ad27a247e504a40757ee8afab
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 854cb55987b3de3c8379db0e7e95b4c94d4e6588)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/widgets/itemviews/qheaderview.cpp | 42 |
1 files changed, 28 insertions, 14 deletions
diff --git a/src/widgets/itemviews/qheaderview.cpp b/src/widgets/itemviews/qheaderview.cpp index 413857bf6c..dfb60a91ec 100644 --- a/src/widgets/itemviews/qheaderview.cpp +++ b/src/widgets/itemviews/qheaderview.cpp @@ -1762,22 +1762,27 @@ bool QHeaderView::restoreState(const QByteArray &state) Q_D(QHeaderView); if (state.isEmpty()) return false; - QByteArray data = state; - QDataStream stream(&data, QIODevice::ReadOnly); - stream.setVersion(QDataStream::Qt_5_0); - int marker; - int ver; - stream >> marker; - stream >> ver; - if (stream.status() != QDataStream::Ok + + for (const auto dataStreamVersion : {QDataStream::Qt_5_0, QDataStream::Qt_6_0}) { + + QByteArray data = state; + QDataStream stream(&data, QIODevice::ReadOnly); + stream.setVersion(dataStreamVersion); + int marker; + int ver; + stream >> marker; + stream >> ver; + if (stream.status() != QDataStream::Ok || marker != QHeaderViewPrivate::VersionMarker - || ver != 0) // current version is 0 - return false; + || ver != 0) { // current version is 0 + return false; + } - if (d->read(stream)) { - emit sortIndicatorChanged(d->sortIndicatorSection, d->sortIndicatorOrder ); - d->viewport->update(); - return true; + if (d->read(stream)) { + emit sortIndicatorChanged(d->sortIndicatorSection, d->sortIndicatorOrder ); + d->viewport->update(); + return true; + } } return false; } @@ -4131,6 +4136,15 @@ bool QHeaderViewPrivate::read(QDataStream &in) in >> global; + // Check parameter consistency + // Global orientation out of bounds? + if (global < 0 || global > QHeaderView::ResizeToContents) + return false; + + // Alignment out of bounds? + if (align < 0 || align > Qt::AlignVertical_Mask) + return false; + in >> sectionItemsIn; // In Qt4 we had a vector of spans where one span could hold information on more sections. // Now we have an itemvector where one items contains information about one section |