From e83c4e813840b8632ec44f00ee3daf2ba1b18133 Mon Sep 17 00:00:00 2001
From: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Date: Tue, 21 Jan 2020 14:43:01 +0100
Subject: QXmlStreamReader: fix memory leak

On some inputs a QXmlStreamReaderPrivate may allocate another
QXmlStreamReaderPrivate as its entityResolver. Which, recursively,
may allocate yet another one.

This "chain" of QXmlStreamReaderPrivate objects was managed using
raw pointers, and a leak was possible by resetting one of
these pointers to nullptr without freeing the corresponding object.

Change-Id: I2c6e1f023a2ed68b2b1857db25c53cce7f6bd3e7
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
---
 src/corelib/serialization/qxmlstream.cpp | 7 ++++---
 src/corelib/serialization/qxmlstream_p.h | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index dfa36ea642..7ff87885a5 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -69,6 +69,8 @@ public: \
         { return QString::fromLatin1(sourceText); } \
 private:
 #endif
+#include <private/qmemory_p.h>
+
 QT_BEGIN_NAMESPACE
 
 #include "qxmlstream_p.h"
@@ -848,7 +850,7 @@ void QXmlStreamReaderPrivate::init()
 #endif
     attributeStack.clear();
     attributeStack.reserve(16);
-    entityParser = nullptr;
+    entityParser.reset();
     hasCheckedStartDocument = false;
     normalizeLiterals = false;
     hasSeenTag = false;
@@ -881,7 +883,7 @@ void QXmlStreamReaderPrivate::parseEntity(const QString &value)
 
 
     if (!entityParser)
-        entityParser = new QXmlStreamReaderPrivate(q);
+        entityParser = qt_make_unique<QXmlStreamReaderPrivate>(q);
     else
         entityParser->init();
     entityParser->inParseEntity = true;
@@ -911,7 +913,6 @@ QXmlStreamReaderPrivate::~QXmlStreamReaderPrivate()
 #endif
     free(sym_stack);
     free(state_stack);
-    delete entityParser;
 }
 
 
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index cde66a48a3..9c94e6d434 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -981,7 +981,7 @@ public:
 
     QString resolveUndeclaredEntity(const QString &name);
     void parseEntity(const QString &value);
-    QXmlStreamReaderPrivate *entityParser;
+    std::unique_ptr<QXmlStreamReaderPrivate> entityParser;
 
     bool scanAfterLangleBang();
     bool scanPublicOrSystem();
-- 
cgit v1.2.3