author Jüri Valdmann <juri.valdmann@qt.io> 2018-05-08 15:30:37 +0200
committer Jüri Valdmann <juri.valdmann@qt.io> 2018-05-17 10:34:43 +0000
commit 5dc2106878aaf72a151a4bb8acbeec6499200711
tree 06ee970696facc4e36d00ba32e790a5db49683a5 /tests/auto/corelib/json/invalidBinaryData/41.bjson
parent 18a39022beca4b32a9110ca56e97a437443ade8c
QJsonDocument: Avoid overflow of string lengths
The added test case contains the binary JSON equivalent of

    ["ž"]

with the modification that the string's length has been set to INT_MAX. In Value::usedStorage this length is used through the pointer d like so

    s = sizeof(int) + sizeof(ushort) * qFromLittleEndian(*(int *)d);

Because 2 * INT_MAX is UINT_MAX-1, the expression as a whole evaluates to 2, which is considered a valid storage size. However, when converting this binary JSON into ordinary JSON we will attempt to construct a QString of length INT_MAX.

Fixed by using String::isValid instead of Value::usedStorage. This method already takes care to avoid the overflow problem. Additionally, I've tried in this patch to clarify the behavior of Value::isValid a bit by writing it in a style that is hopefully more amenable to structural induction.

Finally, the test case added in my previous patch had the wrong file extension and is renamed in this one.

Task-number: QTBUG-61969
Change-Id: I45d891f2467a71d8d105822ef7eb1a73c3efa67a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 8e47474baf06b3884e9173302395dd25fc09eba9)
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
(cherry picked from commit f24bd1b8183ec9cc4e239dc560072d3896ec61a1)
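The wraparound described in the commit message, as an added C example that is not part of the commit or of Qt's code: it models the quoted size computation in 32-bit arithmetic and sets it beside a division-based bounds check. The function names, the sample byte strings and the check itself are assumptions of this example, not Qt's String::isValid.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read the little-endian 32-bit length field at d. */
static uint32_t read_le32(const unsigned char *d)
{
    return (uint32_t)d[0] | (uint32_t)d[1] << 8 |
           (uint32_t)d[2] << 16 | (uint32_t)d[3] << 24;
}

/* Model of the quoted computation held in 32 bits: 4 + 2 * length,
 * with no range check on the length, so the sum can wrap. */
static uint32_t used_storage_unchecked(const unsigned char *d)
{
    return (uint32_t)sizeof(int32_t) + (uint32_t)sizeof(uint16_t) * read_le32(d);
}

/* Overflow-safe check (an assumption of this example): compare the
 * length with the room left after the length field, dividing instead
 * of multiplying so that nothing can wrap. avail is the number of
 * bytes actually present at d. */
static int string_fits(const unsigned char *d, size_t avail)
{
    if (avail < sizeof(int32_t))
        return 0;                        /* no room for the length field */
    uint32_t len = read_le32(d);
    if (len > (uint32_t)INT32_MAX)
        return 0;                        /* negative when read as int */
    return len <= (avail - sizeof(int32_t)) / sizeof(uint16_t);
}

/* Constructed sample: length field INT_MAX, then one UTF-16 unit (U+017E). */
static const unsigned char bad_string[] = { 0xFF, 0xFF, 0xFF, 0x7F, 0x7E, 0x01 };
/* Constructed well-formed counterpart: length 1, same code unit. */
static const unsigned char good_string[] = { 0x01, 0x00, 0x00, 0x00, 0x7E, 0x01 };

int main(void)
{
    printf("bad:  unchecked size %u, fits %d\n",
           (unsigned)used_storage_unchecked(bad_string),
           string_fits(bad_string, sizeof bad_string));
    printf("good: unchecked size %u, fits %d\n",
           (unsigned)used_storage_unchecked(good_string),
           string_fits(good_string, sizeof good_string));
    return 0;
}
```
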
Diffstat (limited to 'tests/auto/corelib/json/invalidBinaryData/41.bjson')
-rw-r--r-- tests/auto/corelib/json/invalidBinaryData/41.bjson | bin 0 -> 32 bytes
1 files changed, 0 insertions, 0 deletions
diff --git a/tests/auto/corelib/json/invalidBinaryData/41.bjson b/tests/auto/corelib/json/invalidBinaryData/41.bjson
new file mode 100644
index 0000000000..0b5940ab95
--- /dev/null
+++ b/tests/auto/corelib/json/invalidBinaryData/41.bjson
Binary files differ
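Review bot: the new fixture 41.bjson arrives as an opaque 32-byte binary ("Binary files differ"), so nothing in the diff itself shows that its string length is INT_MAX as the commit message says. Consider recording the fixture's layout (which bytes hold the length field and the value it was set to) in a comment next to the test that loads invalidBinaryData, or in a short README in that directory, so that a later reader can regenerate or audit the file without decoding it by hand.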