author | Øystein Heskestad <oystein.heskestad@qt.io> | 2021-03-03 12:23:18 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-03-07 07:55:38 +0000 |
commit | 4e1bd90f3f71e97de580215c9884df8374602a8b (patch) | |
tree | 635c6ed24520387c281333585483687cb02d024f /tests | |
parent | 920ecea06aec2e87d1fa2270a4023def84024c63 (diff) |
Make qdecompresshelper archive bomb check only trigger for large files
This is to avoid false positives.
By default files are large if uncompressed size > 10 MB. Only configurable internally.
Also add auto tests.
Task-number: QTBUG-91392
Change-Id: I32258cb7c957f2a23a05157ba4ed5c0af2ba585e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit be73ca7eb1cebcc15064666e647bc337b5c2baa2)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/auto/network/access/qdecompresshelper/10K.gz | bin | 0 -> 55 bytes | |||
-rw-r--r-- | tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp | 40 |
2 files changed, 40 insertions, 0 deletions
diff --git a/tests/auto/network/access/qdecompresshelper/10K.gz b/tests/auto/network/access/qdecompresshelper/10K.gz
Binary files differ
new file mode 100644
index 0000000000..c5c4959763
--- /dev/null
+++ b/tests/auto/network/access/qdecompresshelper/10K.gz
diff --git a/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp b/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp
index 23040b7624..41b1837b39 100644
--- a/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp
+++ b/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp
@@ -64,6 +64,9 @@ private Q_SLOTS:
 void decompressBigData_data();
 void decompressBigData();

+ void archiveBomb_data();
+ void archiveBomb();
+
 #if QT_POINTER_SIZE >= 8
 void bigZlib();
 #endif
@@ -392,6 +395,43 @@ void tst_QDecompressHelper::decompressBigData()
 QTEST(totalSize, "size");
 }

+void tst_QDecompressHelper::archiveBomb_data()
+{
+ QTest::addColumn<QByteArray>("encoding");
+ QTest::addColumn<QString>("path");
+ QTest::addColumn<bool>("shouldFail");
+
+ QTest::newRow("gzip-10K") << QByteArray("gzip") << (srcDir + "/10K.gz") << false;
+ QTest::newRow("gzip-4G") << QByteArray("gzip") << QString(":/4G.gz") << true;
+}
+
+void tst_QDecompressHelper::archiveBomb()
+{
+ QFETCH(bool, shouldFail);
+ QFETCH(QString, path);
+ QFile file(path);
+ QVERIFY(file.open(QIODevice::ReadOnly));
+
+ QDecompressHelper helper;
+ QFETCH(QByteArray, encoding);
+ helper.setEncoding(encoding);
+ QVERIFY(helper.isValid());
+
+ constexpr qint64 SafeSizeLimit = 10 * 1024 * 1024;
+ constexpr qint64 RatioLimit = 40;
+ qint64 bytesToRead = std::min(SafeSizeLimit / RatioLimit, file.bytesAvailable());
+ QByteArray output(1 + bytesToRead * RatioLimit, Qt::Uninitialized);
+ helper.feed(file.read(bytesToRead));
+ qsizetype bytesRead = helper.read(output.data(), output.size());
+ QVERIFY(bytesRead <= output.size());
+ QVERIFY(helper.isValid());
+
+ if (shouldFail)
+ QCOMPARE(bytesRead, -1);
+ else
+ QVERIFY(bytesRead > 0);
+}
+
 #if QT_POINTER_SIZE >= 8
 void tst_QDecompressHelper::bigZlib()
 { |
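Review bot: `SafeSizeLimit` and `RatioLimit` in `archiveBomb()` restate thresholds that the commit message says are only configurable inside QDecompressHelper, so the test can drift from the real guard without failing. A comment above them would make the coupling explicit, for example `// Mirrors QDecompressHelper's internal archive-bomb defaults; update together (ratio value assumed to match, confirm).` The two rows in `archiveBomb_data()` are also far from the cut-off (10K and 4G, both gzip), so a change that moved the 10 MB threshold by a large factor would presumably still pass. A row just above the limit would pin the point at which the relaxed check starts rejecting input. In the `shouldFail` case `QVERIFY(bytesRead <= output.size())` holds trivially for -1, so the `QCOMPARE` is the only assertion that exercises the bomb check there.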