diff options
| author | Jüri Valdmann <juri.valdmann@qt.io> | 2018-05-03 13:25:06 +0200 |
|---|---|---|
| committer | Jüri Valdmann <juri.valdmann@qt.io> | 2018-05-04 11:53:03 +0000 |
| commit | d3935cbd71171e1d8f3742cc3235ca0c38313ec8 (patch) | |
| tree | 552de4567a83abb647be4875af1531fe9dfca6a2 /tests/auto | |
| parent | de40f24706d0f3c4cc13900380aacc90d6879356 (diff) | |
QJsonDocument::fromRawData: Fix out-of-bounds access
This method takes a pointer+size pair, but begins reading through the pointer
without first checking the size parameter. Fixed by checking the size parameter.
A new test case is added with an empty binary json file. Although the test does
not fail under normal conditions, the problem can be detected using valgrind or
AddressSanitizer.
Task-number: QTBUG-61969
Change-Id: Ie91cc9a56dbc3c676472c614d4e633d7721b8481
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'tests/auto')
| -rw-r--r-- | tests/auto/corelib/serialization/json/invalidBinaryData/38.bjson | 0 | ||||
| -rw-r--r-- | tests/auto/corelib/serialization/json/tst_qtjson.cpp | 1 |
2 files changed, 1 insertions, 0 deletions
diff --git a/tests/auto/corelib/serialization/json/invalidBinaryData/38.bjson b/tests/auto/corelib/serialization/json/invalidBinaryData/38.bjson new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/tests/auto/corelib/serialization/json/invalidBinaryData/38.bjson diff --git a/tests/auto/corelib/serialization/json/tst_qtjson.cpp b/tests/auto/corelib/serialization/json/tst_qtjson.cpp index 99bdd8deb0..41c8f760dc 100644 --- a/tests/auto/corelib/serialization/json/tst_qtjson.cpp +++ b/tests/auto/corelib/serialization/json/tst_qtjson.cpp @@ -1863,6 +1863,7 @@ void tst_QtJson::invalidBinaryData() QFile file(files.at(i).filePath()); file.open(QIODevice::ReadOnly); QByteArray bytes = file.readAll(); + bytes.squeeze(); QJsonDocument document = QJsonDocument::fromRawData(bytes.constData(), bytes.size()); QVERIFY(document.isNull()); } |