From 4d8a515a230ca9864a94830fd376a1d3ecbe6886 Mon Sep 17 00:00:00 2001 From: Giuseppe D'Angelo Date: Wed, 15 Jan 2020 20:53:21 +0100 Subject: QXmlStreamReader: early return in case of malformed attributes There's no point at keep raising errors after encountering the first malformed attribute. Change-Id: Idb37e577ea96c3bd850b3caf008fe3ecd57dd32e Reviewed-by: Thiago Macieira --- src/corelib/serialization/qxmlstream.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/corelib/serialization/qxmlstream.cpp') diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp index 500e0aa6be..dfa36ea642 100644 --- a/src/corelib/serialization/qxmlstream.cpp +++ b/src/corelib/serialization/qxmlstream.cpp @@ -50,6 +50,7 @@ #endif #include #include +#include #ifndef QT_BOOTSTRAPPED #include #else @@ -1582,6 +1583,7 @@ QStringRef QXmlStreamReaderPrivate::namespaceForPrefix(const QStringRef &prefix) */ void QXmlStreamReaderPrivate::resolveTag() { + const auto attributeStackCleaner = qScopeGuard([this](){ attributeStack.clear(); }); int n = attributeStack.size(); if (namespaceProcessing) { @@ -1649,7 +1651,10 @@ void QXmlStreamReaderPrivate::resolveTag() if (attributes[j].name() == attribute.name() && attributes[j].namespaceUri() == attribute.namespaceUri() && (namespaceProcessing || attributes[j].qualifiedName() == attribute.qualifiedName())) + { raiseWellFormedError(QXmlStream::tr("Attribute '%1' redefined.").arg(attribute.qualifiedName())); + return; + } } } @@ -1680,8 +1685,6 @@ void QXmlStreamReaderPrivate::resolveTag() attribute.m_isDefault = true; attributes.append(attribute); } - - attributeStack.clear(); } void QXmlStreamReaderPrivate::resolvePublicNamespaces() -- cgit v1.2.3 From e83c4e813840b8632ec44f00ee3daf2ba1b18133 Mon Sep 17 00:00:00 2001 From: Giuseppe D'Angelo Date: Tue, 21 Jan 2020 14:43:01 +0100 Subject: QXmlStreamReader: fix memory leak On some inputs a QXmlStreamReaderPrivate may allocate another QXmlStreamReaderPrivate as its entityResolver. Which, recursively, may allocate yet another one. This "chain" of QXmlStreamReaderPrivate objects was managed using raw pointers, and a leak was possible by resetting one of these pointers to nullptr without freeing the corresponding object. Change-Id: I2c6e1f023a2ed68b2b1857db25c53cce7f6bd3e7 Reviewed-by: Sona Kurazyan --- src/corelib/serialization/qxmlstream.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/corelib/serialization/qxmlstream.cpp') diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp index dfa36ea642..7ff87885a5 100644 --- a/src/corelib/serialization/qxmlstream.cpp +++ b/src/corelib/serialization/qxmlstream.cpp @@ -69,6 +69,8 @@ public: \ { return QString::fromLatin1(sourceText); } \ private: #endif +#include + QT_BEGIN_NAMESPACE #include "qxmlstream_p.h" @@ -848,7 +850,7 @@ void QXmlStreamReaderPrivate::init() #endif attributeStack.clear(); attributeStack.reserve(16); - entityParser = nullptr; + entityParser.reset(); hasCheckedStartDocument = false; normalizeLiterals = false; hasSeenTag = false; @@ -881,7 +883,7 @@ void QXmlStreamReaderPrivate::parseEntity(const QString &value) if (!entityParser) - entityParser = new QXmlStreamReaderPrivate(q); + entityParser = qt_make_unique(q); else entityParser->init(); entityParser->inParseEntity = true; @@ -911,7 +913,6 @@ QXmlStreamReaderPrivate::~QXmlStreamReaderPrivate() #endif free(sym_stack); free(state_stack); - delete entityParser; } -- cgit v1.2.3