author Jüri Valdmann <juri.valdmann@qt.io> 2018-05-03 13:25:06 +0200
committer Jüri Valdmann <juri.valdmann@qt.io> 2018-05-17 10:34:28 +0000
commit f6fcdfcce9e8d22960d0b4b99547c582531241c6 (patch)
tree c8ac5083a2b2214e6e6510ed2a30a7ddd689c084 /tests
parent c9e0e8d5712b848cd15f343d4d1ebf475d1b7d77 (diff)
QJsonDocument::fromRawData: Fix out-of-bounds access
This method takes a pointer+size pair, but begins reading through the pointer without first checking the size parameter. Fixed by checking the size parameter.

A new test case is added with an empty binary json file. Although the test does not fail under normal conditions, the problem can be detected using valgrind or AddressSanitizer.

Task-number: QTBUG-61969
Change-Id: Ie91cc9a56dbc3c676472c614d4e633d7721b8481
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit d3935cbd71171e1d8f3742cc3235ca0c38313ec8)
(cherry picked from commit 961b8f51a2e8198fce12e8784b1edae6b3f6f67b)
Diffstat (limited to 'tests')
-rw-r--r-- tests/auto/corelib/json/invalidBinaryData/38.bjson | 0
-rw-r--r-- tests/auto/corelib/json/tst_qtjson.cpp | 1
2 files changed, 1 insertions, 0 deletions
diff --git a/tests/auto/corelib/json/invalidBinaryData/38.bjson b/tests/auto/corelib/json/invalidBinaryData/38.bjson
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/tests/auto/corelib/json/invalidBinaryData/38.bjson
diff --git a/tests/auto/corelib/json/tst_qtjson.cpp b/tests/auto/corelib/json/tst_qtjson.cpp
index f2f9166711..a0d36fc4e0 100644
--- a/tests/auto/corelib/json/tst_qtjson.cpp
+++ b/tests/auto/corelib/json/tst_qtjson.cpp
@@ -1790,6 +1790,7 @@ void tst_QtJson::invalidBinaryData()
QFile file(files.at(i).filePath());
file.open(QIODevice::ReadOnly);
QByteArray bytes = file.readAll();
+ bytes.squeeze();
QJsonDocument document = QJsonDocument::fromRawData(bytes.constData(), bytes.size());
QVERIFY(document.isNull());
}
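Review bot: the added `bytes.squeeze();` line carries no comment, and nothing in the test says why it is there. QByteArray::squeeze() releases capacity beyond what the data needs, which is presumably what lets valgrind or AddressSanitizer see a read past the end of the empty 38.bjson input instead of the read landing in spare allocation. Please add a one-line comment saying so, otherwise the call looks like a no-op and is likely to be removed in a later cleanup. As the commit message itself notes, `QVERIFY(document.isNull())` passes with or without the fix, so this case only guards against regression when the suite is run under a memory checker; it would help to state that next to the call as well.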