From de40f24706d0f3c4cc13900380aacc90d6879356 Mon Sep 17 00:00:00 2001
From: Thiago Macieira
Date: Sun, 15 Apr 2018 14:36:53 -0700
Subject: Fix the enabling of AES with ICC and MSVC on some low-end processors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GCC and Clang assume that all Sandybridge (2nd generation) and newer Intel Core™ processors have AES, which I used as a source of information for this code. However, there are a few low-end parts that miss this feature, like Intel Core™ i3-2350M, i3-3130M, i3-4000M.

[1] https://ark.intel.com/products/series/75025/4th-Generation-Intel-Core-i3-Processors

Task-number: QTBUG-67705
Change-Id: If90a92b041d3442fa0a4fffd1525b9afbcb6e524
Reviewed-by: Oswald Buddenhagen
Reviewed-by: Thiago Macieira
---
 src/corelib/tools/qsimd_p.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/corelib')

diff --git a/src/corelib/tools/qsimd_p.h b/src/corelib/tools/qsimd_p.h
index eb56b31348..18684caefb 100644
--- a/src/corelib/tools/qsimd_p.h
+++ b/src/corelib/tools/qsimd_p.h
@@ -219,9 +219,8 @@
 // AVX intrinsics
 # if defined(__AVX__) && defined(QT_COMPILER_SUPPORTS_SIMD_ALWAYS) && (defined(Q_CC_INTEL) || defined(Q_CC_MSVC))
 // AES, PCLMULQDQ instructions:
-// All processors that support AVX support AES, PCLMULQDQ
-// (but neither MSVC nor the Intel compiler define these macros)
-# define __AES__ 1
+// All processors that support AVX support PCLMULQDQ
+// (but neither MSVC nor the Intel compiler define this macro)
 # define __PCLMUL__ 1
 # endif
--
cgit v1.2.3

From d3935cbd71171e1d8f3742cc3235ca0c38313ec8 Mon Sep 17 00:00:00 2001
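Review bot: The `# define __PCLMUL__ 1` that this hunk keeps rests on the same blanket assumption it retracts for AES — that every AVX-capable part has the instruction — and nothing in the hunk or the message establishes that for PCLMULQDQ on the low-end SKUs cited (i3-2350M, i3-3130M, i3-4000M). If that assumption is wrong for some part, code built under `__PCLMUL__` with ICC/MSVC executes PCLMULQDQ unconditionally and faults with an illegal instruction instead of falling back, which is exactly the failure mode the AES removal is avoiding. The surviving comment should at least record where the PCLMULQDQ claim was checked, e.g. `// (PCLMULQDQ presence on all AVX parts checked against <vendor feature list>; if a low-end AVX SKU lacks it, drop this define as was done for __AES__)`, or the define should go the same way as `__AES__` and the decision be left to runtime CPU-feature detection. The surrounding `#if` block continues outside the hunk.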
From: =?UTF-8?q?J=C3=BCri=20Valdmann?=
Date: Thu, 3 May 2018 13:25:06 +0200
Subject: QJsonDocument::fromRawData: Fix out-of-bounds access

This method takes a pointer+size pair, but begins reading through the pointer without first checking the size parameter. Fixed by checking the size parameter. A new test case is added with an empty binary json file. Although the test does not fail under normal conditions, the problem can be detected using valgrind or AddressSanitizer.

Task-number: QTBUG-61969
Change-Id: Ie91cc9a56dbc3c676472c614d4e633d7721b8481
Reviewed-by: Lars Knoll
Reviewed-by: Thiago Macieira
---
 src/corelib/serialization/qjson_p.h | 2 +-
 src/corelib/serialization/qjsondocument.cpp | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/corelib')

diff --git a/src/corelib/serialization/qjson_p.h b/src/corelib/serialization/qjson_p.h
index 7743382806..dc56a49084 100644
--- a/src/corelib/serialization/qjson_p.h
+++ b/src/corelib/serialization/qjson_p.h
@@ -450,7 +450,7 @@ static inline void copyString(char *dest, const QString &str, bool compress)
 /*
- Base is the base class for both Object and Array. Both classe work more or less the same way.
+ Base is the base class for both Object and Array. Both classes work more or less the same way.
 The class starts with a header (defined by the struct below), then followed by data (the data for values in the Array case and Entry's (see below) for objects.
diff --git a/src/corelib/serialization/qjsondocument.cpp b/src/corelib/serialization/qjsondocument.cpp
index 9794bca60d..ab27b45fda 100644
--- a/src/corelib/serialization/qjsondocument.cpp
+++ b/src/corelib/serialization/qjsondocument.cpp
@@ -210,6 +210,9 @@ QJsonDocument QJsonDocument::fromRawData(const char *data, int size, DataValidat
 return QJsonDocument();
 }
+ if (size < (int)(sizeof(QJsonPrivate::Header) + sizeof(QJsonPrivate::Base))) return QJsonDocument();
+
 QJsonPrivate::Data *d = new QJsonPrivate::Data((char *)data, size);
 d->ownsData = false;
--
cgit v1.2.3

From 3fc5500b4f2a8431ac013520e9faf606e893b39a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCri=20Valdmann?=
Date: Thu, 3 May 2018 13:39:36 +0200
Subject: QJsonDocument: Reject objects containing themselves in binary JSON

The added test case is a binary JSON file describing an array which contains itself. This file passes validation even though attempting to convert it to plain JSON leads to an infinite loop. Fixed by rejecting it in validation.

Task-number: QTBUG-61969
Change-Id: Ib4472e9777d09840c30c384b24294e4744b02045
Reviewed-by: Lars Knoll
---
 src/corelib/serialization/qjson.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/corelib')

diff --git a/src/corelib/serialization/qjson.cpp b/src/corelib/serialization/qjson.cpp
index e4bca3bcd0..c5e9eb70e1 100644
--- a/src/corelib/serialization/qjson.cpp
+++ b/src/corelib/serialization/qjson.cpp
@@ -328,7 +328,7 @@ int Value::usedStorage(const Base *b) const
 bool Value::isValid(const Base *b) const
 {
- int offset = 0;
+ int offset = -1;
 switch (type) {
 case QJsonValue::Double:
 if (latinOrIntValue)
@@ -345,9 +345,9 @@ bool Value::isValid(const Base *b) const
 break;
 }
- if (!offset)
+ if (offset == -1)
 return true;
- if (offset + sizeof(uint) > b->tableOffset)
+ if (offset + sizeof(uint) > b->tableOffset || offset < (int)sizeof(Base))
 return false;
 int s = usedStorage(b);
--
cgit v1.2.3

From 93e0ff037e3e4d72d404c26b8e957092d5f88652 Mon Sep 17 00:00:00 2001
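Review bot: The added size check in `fromRawData` compares against an unexplained threshold, `sizeof(QJsonPrivate::Header) + sizeof(QJsonPrivate::Base)`, and a later edit could plausibly shrink it to `sizeof(Header)` without seeing why the root `Base` is included. A one-line comment above it would pin that down, e.g. `// The buffer must at least hold the Header and the root Base behind it; both are read before any validation runs`, with the "both are read" part confirmed against the code below the hunk, since only the commit message says so here. Because `size` is a signed `int`, a negative size also lands in this branch, which is worth a word in the same comment as it is the only guard ahead of `new QJsonPrivate::Data((char *)data, size)`. The rest of `fromRawData`, including whatever the `DataValidation` argument controls, continues outside the hunk.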
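Review bot: In the second qjson.cpp hunk (`@@ -345`) the new term `offset < (int)sizeof(Base)` is what rejects a container that refers to itself, but the reader has to reconstruct that `offset` is relative to `b`, so 0 names `b` itself and any value inside `b`'s own header cannot be a nested Object or Array; the `-1` sentinel introduced in the first hunk (`@@ -328`) is only needed because 0 has become a rejectable offset rather than the "no offset" marker. Proposed comment above the check: `// offset is relative to b; 0 (b itself) or anything inside b's header cannot be a valid nested container`, and at the declaration `int offset = -1; // -1: inline value, no referenced storage`. Whether a longer cycle through several nested containers is also excluded by the later `s > (int)b->tableOffset - offset` bound (each child lying strictly inside its parent) is plausible but not shown by these hunks. `Value::isValid` continues outside both of them.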
From: =?UTF-8?q?J=C3=BCri=20Valdmann?=
Date: Thu, 3 May 2018 16:39:32 +0200
Subject: QJsonDocument: Validate also zero-length objects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The added test case is the binary JSON equivalent of {"a":{"š":null}} with two modifications. First, the length of the string "š" has been corrupted to 0xFFFFFF00. Second and more import, the Base::size field of the inner object has been reset to 0. On its own the first modification would normally trigger a validation error. However, due to the second modification the Value::usedStorage for the inner object evaluates to 0, completely disabling all further validation of the object's contents. Attempting to convert this binary JSON into standard JSON will lead to the JSON writer trying to construct a QString of length 0xFFFFFF00. Fixed by validating also objects with usedStorage == 0.

Task-number: QTBUG-61969
Change-Id: I5e59383674dec9be89361759572c0d91d4e16e01
Reviewed-by: Thiago Macieira
---
 src/corelib/serialization/qjson.cpp | 2 --
 1 file changed, 2 deletions(-)

(limited to 'src/corelib')

diff --git a/src/corelib/serialization/qjson.cpp b/src/corelib/serialization/qjson.cpp
index c5e9eb70e1..592f6168dc 100644
--- a/src/corelib/serialization/qjson.cpp
+++ b/src/corelib/serialization/qjson.cpp
@@ -351,8 +351,6 @@ bool Value::isValid(const Base *b) const
 return false;
 int s = usedStorage(b);
- if (!s)
- return true;
 if (s < 0 || s > (int)b->tableOffset - offset)
 return false;
 if (type == QJsonValue::Array)
--
cgit v1.2.3

From a25ba47c2b820117bdc60ba6bc772d6ea4093a4c Mon Sep 17 00:00:00 2001
From: Thiago Macieira
Date: Thu, 29 Mar 2018 17:51:09 +0800
Subject: QAbstractEventDispatcher: add a note about the timer range for Qt 6

Task-number: QTBUG-67383
Change-Id: I00ccecb71c774bb9b86cfffd15205b4f38088764
Reviewed-by: Thiago Macieira
---
 src/corelib/kernel/qabstracteventdispatcher.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/corelib')
diff --git a/src/corelib/kernel/qabstracteventdispatcher.h b/src/corelib/kernel/qabstracteventdispatcher.h
index 4775d3d47a..bd8da5c35d 100644
--- a/src/corelib/kernel/qabstracteventdispatcher.h
+++ b/src/corelib/kernel/qabstracteventdispatcher.h
@@ -87,6 +87,7 @@ public:
 QT_DEPRECATED inline void registerTimer(int timerId, int interval, QObject *object)
 { registerTimer(timerId, interval, Qt::CoarseTimer, object); }
 #endif
+ // ### Qt6: change interval range to qint64 (or use QDeadlineTimer)
 int registerTimer(int interval, Qt::TimerType timerType, QObject *object);
 virtual void registerTimer(int timerId, int interval, Qt::TimerType timerType, QObject *object) = 0;
 virtual bool unregisterTimer(int timerId) = 0;
--
cgit v1.2.3