authorUlf Hermann <ulf.hermann@qt.io>2019-11-01 16:04:18 +0100
committerUlf Hermann <ulf.hermann@qt.io>2019-11-07 13:33:26 +0100
commit06fa6ef1b9e159bd9b83b59ce23b7e09b918aa1f (patch)
treeda85cb4e4becf4b51de9fd6bfd7b93debc11ece8
parentf05c9c292b5ee19e5e44709e44a9509d3300632f (diff)
RuntimeHelpers: Short-circuit stringToNumber on huge strings
We don't need to iterate such a monster, or even convert it to latin1. It won't be a valid number anyway. Fixes: QTBUG-78955 Change-Id: Iaa35d924511885f804abe2d5c74235adcad55b27 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
-rw-r--r--src/qml/jsruntime/qv4runtime.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/qml/jsruntime/qv4runtime.cpp b/src/qml/jsruntime/qv4runtime.cpp
index aaa198c62a..01b5ff6611 100644
--- a/src/qml/jsruntime/qv4runtime.cpp
+++ b/src/qml/jsruntime/qv4runtime.cpp
@@ -408,6 +408,15 @@ QV4::ReturnedValue Runtime::In::call(ExecutionEngine *engine, const Value &left,
double RuntimeHelpers::stringToNumber(const QString &string)
{
+ // The actual maximum valid length is certainly shorter, but due to the sheer number of
+ // different number formatting variants, we rather err on the side of caution here.
+ // For example, you can have up to 772 valid decimal digits left of the dot, as stated in the
+ // libdoubleconversion sources. The same maximum value would be represented by roughly 3.5 times
+ // as many binary digits.
+ const int excessiveLength = 16 * 1024;
+ if (string.length() > excessiveLength)
+ return qQNaN();
+
const QStringRef s = QStringRef(&string).trimmed();
if (s.startsWith(QLatin1Char('0'))) {
int base = -1;