diff options
author | Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> | 2016-11-04 00:11:59 +0100 |
---|---|---|
committer | Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> | 2016-11-04 10:41:45 +0000 |
commit | 64714ea431f2fd355ed27edc69dba4e992511e75 (patch) | |
tree | eff4e1481f28b8ee63a77987f74f17538a64ac4c /tests | |
parent | 5861ea797da3ff3ce86e81a35af007648b732efd (diff) |
QV4String: properly detect overflow when trying to convert to an array index
A wrong overflow detection caused strings like "240000000000" to pass
the conversion, even though they would not fit into a uint when
converted into base-10. This mis-conversion to uint then caused
all sorts of side effects (broken comparisons, wrong listing of
properties, and so on).
So, properly fix the overflow detection by using our numeric private
functions.
Change-Id: Icbf67ac68cf5785d6c77b433c7a45aed5285a8c2
Task-number: QTBUG-56830
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/auto/qml/qjsvalue/tst_qjsvalue.cpp | 27 | ||||
-rw-r--r-- | tests/auto/qml/qjsvalue/tst_qjsvalue.h | 2 |
2 files changed, 29 insertions, 0 deletions
diff --git a/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp b/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp index bf9bd18807..b9a9fec6d9 100644 --- a/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp +++ b/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp @@ -1371,6 +1371,33 @@ void tst_QJSValue::hasProperty_changePrototype() QVERIFY(obj.hasOwnProperty("foo")); } +void tst_QJSValue::hasProperty_QTBUG56830_data() +{ + QTest::addColumn<QString>("key"); + QTest::addColumn<QString>("lookup"); + + QTest::newRow("bugreport-1") << QStringLiteral("240000000000") << QStringLiteral("3776798720"); + QTest::newRow("bugreport-2") << QStringLiteral("240000000001") << QStringLiteral("3776798721"); + QTest::newRow("biggest-ok-before-bug") << QStringLiteral("238609294221") << QStringLiteral("2386092941"); + QTest::newRow("smallest-bugged") << QStringLiteral("238609294222") << QStringLiteral("2386092942"); + QTest::newRow("biggest-bugged") << QStringLiteral("249108103166") << QStringLiteral("12884901886"); + QTest::newRow("smallest-ok-after-bug") << QStringLiteral("249108103167") << QStringLiteral("12884901887"); +} + +void tst_QJSValue::hasProperty_QTBUG56830() +{ + QFETCH(QString, key); + QFETCH(QString, lookup); + + QJSEngine eng; + const QJSValue value(42); + + QJSValue obj = eng.newObject(); + obj.setProperty(key, value); + QVERIFY(obj.hasProperty(key)); + QVERIFY(!obj.hasProperty(lookup)); +} + void tst_QJSValue::deleteProperty_basic() { QJSEngine eng; diff --git a/tests/auto/qml/qjsvalue/tst_qjsvalue.h b/tests/auto/qml/qjsvalue/tst_qjsvalue.h index 16667ff344..485577bf97 100644 --- a/tests/auto/qml/qjsvalue/tst_qjsvalue.h +++ b/tests/auto/qml/qjsvalue/tst_qjsvalue.h @@ -97,6 +97,8 @@ private slots: void hasProperty_basic(); void hasProperty_globalObject(); void hasProperty_changePrototype(); + void hasProperty_QTBUG56830_data(); + void hasProperty_QTBUG56830(); void deleteProperty_basic(); void deleteProperty_globalObject(); |