QJsonDocument: Validate also zero-length objects

The added test case is the binary JSON equivalent of

    {"a":{"š":null}}

with two modifications. First, the length of the string "š" has been corrupted
to 0xFFFFFF00. Second and more import, the Base::size field of the inner object
has been reset to 0.

On its own the first modification would normally trigger a validation error.
However, due to the second modification the Value::usedStorage for the inner
object evaluates to 0, completely disabling all further validation of the
object's contents.

Attempting to convert this binary JSON into standard JSON will lead to the JSON
writer trying to construct a QString of length 0xFFFFFF00.

Fixed by validating also objects with usedStorage == 0.

Task-number: QTBUG-61969
Change-Id: I5e59383674dec9be89361759572c0d91d4e16e01
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

1 files changed, 0 insertions, 2 deletions

diff --git a/src/corelib/serialization/qjson.cpp b/src/corelib/serialization/qjson.cpp
index c5e9eb70e1..592f6168dc 100644
--- a/src/corelib/serialization/qjson.cpp
+++ b/src/corelib/serialization/qjson.cpp
@@ -351,8 +351,6 @@ bool Value::isValid(const Base *b) const
         return false;
 
     int s = usedStorage(b);
-    if (!s)
-        return true;
     if (s < 0 || s > (int)b->tableOffset - offset)
         return false;
     if (type == QJsonValue::Array)