From b4398dc4e372dbe829b21423e1a0a93a6a542994 Mon Sep 17 00:00:00 2001 From: Sami Rosendahl Date: Mon, 5 Dec 2011 13:06:40 +0200 Subject: Fix crash in QDBusDemarshaller QStringList extraction QDBusArgument QStringList extraction operator and QDBusDemarshaller that implements the extraction do not check the type of the extracted value. When extracting a QStringList and the value actually is e.g. an array of bytes the string list extraction will crash as it interprets the bytes as char pointers. The fix adds DBus type checks to QDBusArgument QStringList extraction operator implementations. The checks are as permissive as possible provided crashes are avoided. Task-number: QTBUG-22840 Change-Id: I4b67d75b59c5052d939f3a69f3e92dabdb3bdd6b Reviewed-by: Thiago Macieira --- .../auto/dbus/qdbusmarshall/tst_qdbusmarshall.cpp | 52 ++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'tests/auto/dbus/qdbusmarshall/tst_qdbusmarshall.cpp') diff --git a/tests/auto/dbus/qdbusmarshall/tst_qdbusmarshall.cpp b/tests/auto/dbus/qdbusmarshall/tst_qdbusmarshall.cpp index ac8b5c1416..8ce456bf0e 100644 --- a/tests/auto/dbus/qdbusmarshall/tst_qdbusmarshall.cpp +++ b/tests/auto/dbus/qdbusmarshall/tst_qdbusmarshall.cpp @@ -99,6 +99,9 @@ private slots: void demarshallStrings_data(); void demarshallStrings(); + void demarshallInvalidStringList_data(); + void demarshallInvalidStringList(); + private: int fileDescriptorForTest(); @@ -1375,5 +1378,54 @@ void tst_QDBusMarshall::demarshallStrings() QVERIFY(receiveArg.atEnd()); } +void tst_QDBusMarshall::demarshallInvalidStringList_data() +{ + addBasicTypesColumns(); + + // None of the basic types should demarshall to a string list + basicNumericTypes_data(); + basicStringTypes_data(); + + // Arrays of non-string type should not demarshall to a string list + QList bools; + QTest::newRow("emptyboollist") << qVariantFromValue(bools); + bools << false << true << false; + QTest::newRow("boollist") << qVariantFromValue(bools); + + // Structures should not demarshall to a QByteArray + QTest::newRow("struct of strings") + << qVariantFromValue(QVariantList() << QString("foo") << QString("bar")); + QTest::newRow("struct of mixed types") + << qVariantFromValue(QVariantList() << QString("foo") << int(42) << double(3.14)); +} + +void tst_QDBusMarshall::demarshallInvalidStringList() +{ + QFETCH(QVariant, value); + + QDBusConnection con = QDBusConnection::sessionBus(); + + QVERIFY(con.isConnected()); + + QDBusMessage msg = QDBusMessage::createMethodCall(serviceName, objectPath, + interfaceName, "ping"); + QDBusArgument sendArg; + sendArg.beginStructure(); + sendArg.appendVariant(value); + sendArg.endStructure(); + msg.setArguments(QVariantList() << qVariantFromValue(sendArg)); + QDBusMessage reply = con.call(msg); + + const QDBusArgument receiveArg = qvariant_cast(reply.arguments().at(0)); + receiveArg.beginStructure(); + + QStringList receiveValue; + receiveArg >> receiveValue; + QCOMPARE(receiveValue, QStringList()); + + receiveArg.endStructure(); + QVERIFY(receiveArg.atEnd()); +} + QTEST_MAIN(tst_QDBusMarshall) #include "tst_qdbusmarshall.moc" -- cgit v1.2.3