From 817800ad39df10ca78e2c965a61d4d2025df622b Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Mon, 22 Dec 2014 21:19:27 -0200
Subject: Fix QXmlStreamReader parsing of files containing NULs

Due to a flaw in the internal API, QXmlStreamReader's internal buffering
would mistake a NUL byte in the input stream for EOF during parsing, but
wouldn't set atEnd == true because it hadn't yet processed all bytes.
This resulted in an infinite loop in QXmlStreamReaderPrivate::parse.

So, instead of returning zero (false) to indicate EOF, return -1 (but in
unsigned form, ~0, to avoid ICC warnings of change of sign). In turn,
this required enlarging a few variables to avoid ~0U becoming 0xffff,
which is a valid QChar (could happen if the input is a QString, not a
QIODevice).

Task-number: QTBUG-43513
Change-Id: If5badcfd3e4176b79517da1fd108e0abb93a3fd1
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
---
 src/corelib/xml/qxmlstream_p.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'src/corelib/xml/qxmlstream_p.h')

diff --git a/src/corelib/xml/qxmlstream_p.h b/src/corelib/xml/qxmlstream_p.h
index 7ff65e1718..087d64fce8 100644
--- a/src/corelib/xml/qxmlstream_p.h
+++ b/src/corelib/xml/qxmlstream_p.h
@@ -944,7 +944,7 @@ public:
 
 
     short token;
-    ushort token_char;
+    uint token_char;
 
     uint filterCarriageReturn();
     inline uint getChar();
@@ -955,7 +955,7 @@ public:
     void putStringLiteral(const QString &s);
     void putReplacement(const QString &s);
     void putReplacementInAttributeValue(const QString &s);
-    ushort getChar_helper();
+    uint getChar_helper();
 
     bool scanUntil(const char *str, short tokenToInject = -1);
     bool scanString(const char *str, short tokenToInject, bool requireSpace = true);
@@ -1068,7 +1068,7 @@ bool QXmlStreamReaderPrivate::parse()
         documentVersion.clear();
         documentEncoding.clear();
 #ifndef QT_NO_TEXTCODEC
-        if (decoder->hasFailure()) {
+        if (decoder && decoder->hasFailure()) {
             raiseWellFormedError(QXmlStream::tr("Encountered incorrectly encoded content."));
             readBuffer.clear();
             return false;
@@ -1099,8 +1099,8 @@ bool QXmlStreamReaderPrivate::parse()
         if (token == -1 && - TERMINAL_COUNT != action_index[act]) {
             uint cu = getChar();
             token = NOTOKEN;
-            token_char = cu;
-            if (cu & 0xff0000) {
+            token_char = cu == ~0U ? cu : ushort(cu);
+            if ((cu != ~0U) && (cu & 0xff0000)) {
                 token = cu >> 16;
             } else switch (token_char) {
             case 0xfffe:
@@ -1119,7 +1119,7 @@ bool QXmlStreamReaderPrivate::parse()
                     break;
                 }
                 // fall through
-            case '\0': {
+            case ~0U: {
                 token = EOF_SYMBOL;
                 if (!tagsDone && !inParseEntity) {
                     int a = t_action(act, token);
-- 
cgit v1.2.3