AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QJsonDocument: Reject objects containing themselves in binary JSON

Browse Source 
The added test case is a binary JSON file describing an array which contains
itself. This file passes validation even though attempting to convert it to
plain JSON leads to an infinite loop. Fixed by rejecting it in validation.

Task-number: QTBUG-61969
Change-Id: Ib4472e9777d09840c30c384b24294e4744b02045
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
This commit is contained in:
Jüri Valdmann 2018-05-03 13:39:36 +02:00
parent 1aee60eb33
commit 3fc5500b4f
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/corelib/serialization/qjson.cpp
View File

@ -328,7 +328,7 @@ int Value::usedStorage(const Base *b) const
bool Value::isValid(const Base *b) const
{
int offset = 0;
int offset = -1;
switch (type) {
case QJsonValue::Double:
if (latinOrIntValue)
@ -345,9 +345,9 @@ bool Value::isValid(const Base *b) const
break;
}
if (!offset)
if (offset == -1)
return true;
if (offset + sizeof(uint) > b->tableOffset)
if (offset + sizeof(uint) > b->tableOffset || offset < (int)sizeof(Base))
return false;
int s = usedStorage(b);

BIN
tests/auto/corelib/serialization/json/invalidBinaryData/39.bjson Normal file
View File

Binary file not shown.