aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2016-11-04 00:11:59 +0100
committerGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2016-11-04 10:41:45 +0000
commit64714ea431f2fd355ed27edc69dba4e992511e75 (patch)
treeeff4e1481f28b8ee63a77987f74f17538a64ac4c /tests
parent5861ea797da3ff3ce86e81a35af007648b732efd (diff)
QV4String: properly detect overflow when trying to convert to an array index
A wrong overflow detection caused strings like "240000000000" to pass the conversion, even though they would not fit into a uint when converted into base-10. This mis-conversion to uint then caused all sorts of side effects (broken comparisons, wrong listing of properties, and so on). So, properly fix the overflow detection by using our numeric private functions. Change-Id: Icbf67ac68cf5785d6c77b433c7a45aed5285a8c2 Task-number: QTBUG-56830 Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'tests')
-rw-r--r--tests/auto/qml/qjsvalue/tst_qjsvalue.cpp27
-rw-r--r--tests/auto/qml/qjsvalue/tst_qjsvalue.h2
2 files changed, 29 insertions, 0 deletions
diff --git a/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp b/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp
index bf9bd18807..b9a9fec6d9 100644
--- a/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp
+++ b/tests/auto/qml/qjsvalue/tst_qjsvalue.cpp
@@ -1371,6 +1371,33 @@ void tst_QJSValue::hasProperty_changePrototype()
QVERIFY(obj.hasOwnProperty("foo"));
}
+void tst_QJSValue::hasProperty_QTBUG56830_data()
+{
+ QTest::addColumn<QString>("key");
+ QTest::addColumn<QString>("lookup");
+
+ QTest::newRow("bugreport-1") << QStringLiteral("240000000000") << QStringLiteral("3776798720");
+ QTest::newRow("bugreport-2") << QStringLiteral("240000000001") << QStringLiteral("3776798721");
+ QTest::newRow("biggest-ok-before-bug") << QStringLiteral("238609294221") << QStringLiteral("2386092941");
+ QTest::newRow("smallest-bugged") << QStringLiteral("238609294222") << QStringLiteral("2386092942");
+ QTest::newRow("biggest-bugged") << QStringLiteral("249108103166") << QStringLiteral("12884901886");
+ QTest::newRow("smallest-ok-after-bug") << QStringLiteral("249108103167") << QStringLiteral("12884901887");
+}
+
+void tst_QJSValue::hasProperty_QTBUG56830()
+{
+ QFETCH(QString, key);
+ QFETCH(QString, lookup);
+
+ QJSEngine eng;
+ const QJSValue value(42);
+
+ QJSValue obj = eng.newObject();
+ obj.setProperty(key, value);
+ QVERIFY(obj.hasProperty(key));
+ QVERIFY(!obj.hasProperty(lookup));
+}
+
void tst_QJSValue::deleteProperty_basic()
{
QJSEngine eng;
diff --git a/tests/auto/qml/qjsvalue/tst_qjsvalue.h b/tests/auto/qml/qjsvalue/tst_qjsvalue.h
index 16667ff344..485577bf97 100644
--- a/tests/auto/qml/qjsvalue/tst_qjsvalue.h
+++ b/tests/auto/qml/qjsvalue/tst_qjsvalue.h
@@ -97,6 +97,8 @@ private slots:
void hasProperty_basic();
void hasProperty_globalObject();
void hasProperty_changePrototype();
+ void hasProperty_QTBUG56830_data();
+ void hasProperty_QTBUG56830();
void deleteProperty_basic();
void deleteProperty_globalObject();