authorØystein Heskestad <oystein.heskestad@qt.io>2021-03-03 12:23:18 +0100
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2021-03-07 07:55:38 +0000
commit4e1bd90f3f71e97de580215c9884df8374602a8b (patch)
tree635c6ed24520387c281333585483687cb02d024f /tests
parent920ecea06aec2e87d1fa2270a4023def84024c63 (diff)
Make qdecompresshelper archive bomb check only trigger for large files
This is to avoid false positives. By default files are large if uncompressed size > 10 MB. Only configurable internally. Also add auto tests. Task-number: QTBUG-91392 Change-Id: I32258cb7c957f2a23a05157ba4ed5c0af2ba585e Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit be73ca7eb1cebcc15064666e647bc337b5c2baa2) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'tests')
-rw-r--r--tests/auto/network/access/qdecompresshelper/10K.gzbin0 -> 55 bytes
-rw-r--r--tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp40
2 files changed, 40 insertions, 0 deletions
diff --git a/tests/auto/network/access/qdecompresshelper/10K.gz b/tests/auto/network/access/qdecompresshelper/10K.gz
new file mode 100644
index 0000000000..c5c4959763
--- /dev/null
+++ b/tests/auto/network/access/qdecompresshelper/10K.gz
Binary files differ
diff --git a/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp b/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp
index 23040b7624..41b1837b39 100644
--- a/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp
+++ b/tests/auto/network/access/qdecompresshelper/tst_qdecompresshelper.cpp
@@ -64,6 +64,9 @@ private Q_SLOTS:
void decompressBigData_data();
void decompressBigData();
+ void archiveBomb_data();
+ void archiveBomb();
+
#if QT_POINTER_SIZE >= 8
void bigZlib();
#endif
@@ -392,6 +395,43 @@ void tst_QDecompressHelper::decompressBigData()
QTEST(totalSize, "size");
}
+void tst_QDecompressHelper::archiveBomb_data()
+{
+ QTest::addColumn<QByteArray>("encoding");
+ QTest::addColumn<QString>("path");
+ QTest::addColumn<bool>("shouldFail");
+
+ QTest::newRow("gzip-10K") << QByteArray("gzip") << (srcDir + "/10K.gz") << false;
+ QTest::newRow("gzip-4G") << QByteArray("gzip") << QString(":/4G.gz") << true;
+}
+
+void tst_QDecompressHelper::archiveBomb()
+{
+ QFETCH(bool, shouldFail);
+ QFETCH(QString, path);
+ QFile file(path);
+ QVERIFY(file.open(QIODevice::ReadOnly));
+
+ QDecompressHelper helper;
+ QFETCH(QByteArray, encoding);
+ helper.setEncoding(encoding);
+ QVERIFY(helper.isValid());
+
+ constexpr qint64 SafeSizeLimit = 10 * 1024 * 1024;
+ constexpr qint64 RatioLimit = 40;
+ qint64 bytesToRead = std::min(SafeSizeLimit / RatioLimit, file.bytesAvailable());
+ QByteArray output(1 + bytesToRead * RatioLimit, Qt::Uninitialized);
+ helper.feed(file.read(bytesToRead));
+ qsizetype bytesRead = helper.read(output.data(), output.size());
+ QVERIFY(bytesRead <= output.size());
+ QVERIFY(helper.isValid());
+
+ if (shouldFail)
+ QCOMPARE(bytesRead, -1);
+ else
+ QVERIFY(bytesRead > 0);
+}
+
#if QT_POINTER_SIZE >= 8
void tst_QDecompressHelper::bigZlib()
{
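Review bot: The two rows in archiveBomb_data() sit far from the limit they are meant to pin (a 10K file and a 4G file, gzip only), so a regression that moves the size threshold or breaks the check for another encoding would still pass this test. Since the check guards against decompression-based resource exhaustion, a row whose uncompressed size lands just above 10 MB at a high ratio would be worth adding, along with rows for the other encodings the helper supports if fixtures exist. In archiveBomb(), `SafeSizeLimit` and `RatioLimit` are hard-coded copies of what are presumably the helper's internal defaults; a comment such as `// Mirrors QDecompressHelper's internal defaults; keep in sync when those change.` would stop the test from silently drifting off the boundary. Also, `QVERIFY(bytesRead <= output.size())` is trivially true for the -1 case, and `QVERIFY(helper.isValid())` runs before the `shouldFail` branch, so it would help to state in a comment whether the helper is expected to stay valid after rejecting a suspected bomb.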