author | Oliver Dawes <olliedawes@gmail.com> | 2024-04-03 19:42:42 +0100 |
---|---|---|
committer | Oliver Dawes <olliedawes@gmail.com> | 2024-04-04 14:11:54 +0100 |
commit | d3e36454830012e4fd4c538ddeab7cddbfacdc24 (patch) | |
tree | 4d016d1ad33efa77390f88ae066bff02014e9f3d /tests/auto/qml/qv4estable | |
parent | a8f6a298ae989c2569433d3607f9f696b2dbac93 (diff) |
Fix heap-buffer-overflow in ESTable::remove
Fixes a heap-buffer-overflow issue in ESTable::remove due to an off by
one error in the count provided to memmove calls.
Task-number: QTBUG-123999
Pick-to: 6.7 6.5 6.2 5.15
Change-Id: I4ee0fbc16ba8936ea921e5f1d1bb267dae0b1d5f
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Diffstat (limited to 'tests/auto/qml/qv4estable')
-rw-r--r-- | tests/auto/qml/qv4estable/CMakeLists.txt | 24 | ||||
-rw-r--r-- | tests/auto/qml/qv4estable/tst_qv4estable.cpp | 40 |
2 files changed, 64 insertions, 0 deletions
diff --git a/tests/auto/qml/qv4estable/CMakeLists.txt b/tests/auto/qml/qv4estable/CMakeLists.txt
new file mode 100644
index 0000000000..01d2663a04
--- /dev/null
+++ b/tests/auto/qml/qv4estable/CMakeLists.txt
@@ -0,0 +1,24 @@
+# Copyright (C) 2024 The Qt Company Ltd.
+# SPDX-License-Identifier: BSD-3-Clause
+
+#####################################################################
+## tst_qv4estable Test:
+#####################################################################
+
+if(NOT QT_BUILD_STANDALONE_TESTS AND NOT QT_BUILDING_QT)
+ cmake_minimum_required(VERSION 3.16)
+ project(tst_qv4estable LANGUAGES CXX)
+ find_package(Qt6BuildInternals REQUIRED COMPONENTS STANDALONE_TEST)
+endif()
+
+qt_internal_add_test(tst_qv4estable
+ SOURCES
+ tst_qv4estable.cpp
+ LIBRARIES
+ Qt::Gui
+ Qt::Qml
+ Qt::QmlPrivate
+)
+
+## Scopes:
+#####################################################################
diff --git a/tests/auto/qml/qv4estable/tst_qv4estable.cpp b/tests/auto/qml/qv4estable/tst_qv4estable.cpp
new file mode 100644
index 0000000000..45df62b23e
--- /dev/null
+++ b/tests/auto/qml/qv4estable/tst_qv4estable.cpp
@@ -0,0 +1,40 @@
+// Copyright (C) 2024 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
+
+#include <qtest.h>
+#include <private/qv4estable_p.h>
+
+class tst_qv4estable : public QObject
+{
+ Q_OBJECT
+
+private slots:
+ void checkRemoveAvoidsHeapBufferOverflow();
+};
+
+// QTBUG-123999
+void tst_qv4estable::checkRemoveAvoidsHeapBufferOverflow()
+{
+ QV4::ESTable estable;
+
+ // Fill the ESTable with values so it is at max capacity.
+ QCOMPARE_EQ(estable.m_capacity, 8);
+ for (uint i = 0; i < estable.m_capacity; ++i) {
+ estable.set(QV4::Value::fromUInt32(i), QV4::Value::fromUInt32(i));
+ }
+ // Our |m_keys| array should now contain eight values.
+ // > [v0, v1, v2, v3, v4, v5, v6, v7]
+ for (uint i = 0; i < estable.m_capacity; ++i) {
+ QVERIFY(estable.m_keys[i].sameValueZero(QV4::Value::fromUInt32(i)));
+ }
+ QCOMPARE_EQ(estable.m_capacity, 8);
+ QCOMPARE_EQ(estable.m_size, 8);
+
+ // Remove the first item from the set to verify that asan does not trip.
+ // Relies on the CI platform propagating asan flag to all tests.
+ estable.remove(QV4::Value::fromUInt32(0));
+}
+
+QTEST_MAIN(tst_qv4estable)
+
+#include "tst_qv4estable.moc" |
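Review bot: This test only catches the regression when it runs under AddressSanitizer, as its last comment admits. On a non-sanitized build nothing is asserted after `estable.remove(QV4::Value::fromUInt32(0));`, so it passes whether or not the memmove count is correct. Post-conditions after the remove call would add a functional check: `QCOMPARE_EQ(estable.m_size, 7);` followed by `for (uint i = 0; i < estable.m_size; ++i)` and `QVERIFY(estable.m_keys[i].sameValueZero(QV4::Value::fromUInt32(i + 1)));`, assuming remove shifts the remaining keys down in insertion order. A second case that removes the last key (value 7) from a full table would cover the other boundary of the same count calculation.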