From 7322c65ba70bc93d034dc570dd314dc9d738f0fa Mon Sep 17 00:00:00 2001
From: David Faure <david.faure@kdab.com>
Date: Mon, 26 Dec 2016 13:38:21 +0100
Subject: QMimeMagicRule: fix off by one in the number of bytes checked

Since the loop says p <= e, no +1 should be added to e.

Testcase:

The magic for application/x-gameboy-rom says
<match type="byte" value="0x0" mask="0x80" offset="323"/>
and this code was checking both byte 323 and byte 324, finding a match
at pos 324, returning application/x-gameboy-rom erroneously.

Given the magic for application/x-gameboy-color-rom:
<match type="byte" value="0x80" mask="0x80" offset="323"/>
the expected result for game-boy-color-test.gbc is application/x-gameboy-color-rom

Not yet detected by tst_qmimedatabase which is based on shared-mime-info 1.0,
will be covered by the upgrade to 1.8.

Change-Id: I2396cb1ccfb26db5a24d5551fef493cc0b98a247
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/mimetypes/qmimemagicrule.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/corelib/mimetypes/qmimemagicrule.cpp b/src/corelib/mimetypes/qmimemagicrule.cpp
index 7e07f8acb9..7a807dccdb 100644
--- a/src/corelib/mimetypes/qmimemagicrule.cpp
+++ b/src/corelib/mimetypes/qmimemagicrule.cpp
@@ -161,7 +161,7 @@ bool QMimeMagicRule::matchNumber(const QByteArray &data) const
     //qDebug() << "mask" << QString::number(m_numberMask, 16);
 
     const char *p = data.constData() + m_startPos;
-    const char *e = data.constData() + qMin(data.size() - int(sizeof(T)), m_endPos + 1);
+    const char *e = data.constData() + qMin(data.size() - int(sizeof(T)), m_endPos);
     for ( ; p <= e; ++p) {
         if ((qFromUnaligned<T>(p) & mask) == (value & mask))
             return true;
-- 
cgit v1.2.3