From 088e9bbb4bb1a0368010692c8c55425c880858e7 Mon Sep 17 00:00:00 2001
From: Friedemann Kleint <Friedemann.Kleint@digia.com>
Date: Tue, 5 Aug 2014 10:46:00 +0200
Subject: QHeaderView::restoreState(): Add sanity check.

Read data into local variables and apply only after a check.

Task-number: QTBUG-40462
Change-Id: Id06060d0d5b0eafc2d303526a86d552ff5747a72
Reviewed-by: David Faure <david.faure@kdab.com>
---
 src/widgets/itemviews/qheaderview.cpp | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

(limited to 'src/widgets')

diff --git a/src/widgets/itemviews/qheaderview.cpp b/src/widgets/itemviews/qheaderview.cpp
index eac25d3833..27b85c678e 100644
--- a/src/widgets/itemviews/qheaderview.cpp
+++ b/src/widgets/itemviews/qheaderview.cpp
@@ -3635,25 +3635,42 @@ void QHeaderViewPrivate::write(QDataStream &out) const
 bool QHeaderViewPrivate::read(QDataStream &in)
 {
     int orient, order, align, global;
-    in >> orient;
-    orientation = (Qt::Orientation)orient;
+    int sortIndicatorSectionIn;
+    bool sortIndicatorShownIn;
+    int lengthIn;
+    QVector<int> visualIndicesIn;
+    QVector<int> logicalIndicesIn;
+    QHash<int, int> hiddenSectionSizeIn;
 
+    in >> orient;
     in >> order;
-    sortIndicatorOrder = (Qt::SortOrder)order;
 
-    in >> sortIndicatorSection;
-    in >> sortIndicatorShown;
+    in >> sortIndicatorSectionIn;
+    in >> sortIndicatorShownIn;
 
-    in >> visualIndices;
-    in >> logicalIndices;
+    in >> visualIndicesIn;
+    in >> logicalIndicesIn;
 
     QBitArray sectionHidden;
     in >> sectionHidden;
-    in >> hiddenSectionSize;
+    in >> hiddenSectionSizeIn;
+    in >> lengthIn;
 
-    in >> length;
     int unusedSectionCount; // For compatibility
     in >> unusedSectionCount;
+
+    if (in.status() != QDataStream::Ok || lengthIn < 0)
+        return false;
+
+    orientation = static_cast<Qt::Orientation>(orient);
+    sortIndicatorOrder = static_cast<Qt::SortOrder>(order);
+    sortIndicatorSection = sortIndicatorSectionIn;
+    sortIndicatorShown = sortIndicatorShownIn;
+    visualIndices = visualIndicesIn;
+    logicalIndices = logicalIndicesIn;
+    hiddenSectionSize = hiddenSectionSizeIn;
+    length = lengthIn;
+
     in >> movableSections;
     in >> clickableSections;
     in >> highlightSelected;
-- 
cgit v1.2.3