Commit 8010e906d3 accidentally ended up
removing the removal-on-undefined-insertion check by calling insertAt
instead of insert, which had it. This patch moves the check back into
setValueAt.
Change-Id: Ic381e284d3da37e31c4eb29f79dfab9c55c2e3e9
Fixes: QTBUG-77204
Reviewed-by: Liang Qi <liang.qi@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Also optimized the existing QL1S overload of non-const operator[](), and
applied Extract Method refactoring to the other existing QL1S overloads.
[ChangeLog][QtCore][QJsonObject] Added insert(), remove(), and take()
overloads taking QLatin1String.
Change-Id: I5e737cf2d7d9ffb325d6981db1e4a6a9f093657b
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
[ChangeLog][QtCore][JSON] Added overloads of functions taking key
strings as QStringView; in QJsonObject, QJsonValue and QJsonDocument.
Change-Id: I78b40aba8200003acfae257ff06f5f15737005e7
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
Add support for surrogate code points U+D800 through U+DFFF,
represent them with JSON escape sequences.
https://github.com/tc39/proposal-well-formed-stringify
Change-Id: I84fea53a8ef400beebefdba10ea82dc510fe7dda
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
A default-constructed QJsonObject has no data payload, it is only a pair of null
pointers. So, when it becomes necessary to 'materialize' such an object, a
special global emptyObject constant is used as the substitute payload. There is
a small problem with this global constant though, namely that its is_object
flag is unset. In other words, the emptyObject is not an object, but an array.
Fix by setting the is_object flag on emptyObject.
The example code in the bug report
    QJsonObject parent;
    QJsonObject child;
    parent["child"] = child; // 1
    child = parent["child"].toObject(); // 2
    child["test"] = "test"; // 3
runs into this problem on line 1. Inserting the default-constructed child means
inserting a copy of emptyObject. On line 2 a pointer to this copy of emptyObject
is retrieved and cast to an object. But it's not an object, it's an array, so
things go wrong hereafter.
Specifically, on line 3, two inserts are performed, one from operator[] and one
from operator=. Each insert increments a compaction counter. The second insert
triggers compaction (QJsonObject::insert calls Value::requiredStorage calls
Data::compact) and compaction branches based on the is_object flag. Replacing
line 3 with
    child.insert("test", "test");
causes the example to appear to work since compaction is not triggered and the
JSON serializer does not look at the is_object flag. Still, any further insert()
calls would trigger compaction and memory corruption.
Task-number: QTBUG-69626
Change-Id: I8bd5174dce95998bac479c4b4ffea70bca1a4d04
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
The added test case contains the binary JSON equivalent of
    ["ž"]
with the modification that the string's length has been set to INT_MAX. In
Value::usedStorage this length is used through the pointer d like so
    s = sizeof(int) + sizeof(ushort) * qFromLittleEndian(*(int *)d);
Because 2 * INT_MAX is UINT_MAX-1, the expression as a whole evaluates to 2,
which is considered a valid storage size. However, when converting this binary
JSON into ordinary JSON we will attempt to construct a QString of length
INT_MAX.
Fixed by using String::isValid instead of Value::usedStorage. This method
already takes care to avoid the overflow problem. Additionally, I've tried in
this patch to clarify the behavior of Value::isValid a bit by writing it in a
style that is hopefully more amenable to structural induction.
Finally, the test case added in my previous patch had the wrong file extension
and is renamed in this one.
Task-number: QTBUG-61969
Change-Id: I45d891f2467a71d8d105822ef7eb1a73c3efa67a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
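The wrap-around described in the commit message above, as an added example that is not code from Qt or from the commit. It models the record as a 4-byte little-endian length followed by 2-byte code units; the function names, the sample bytes and the division-based bound are assumptions made for the illustration, not Qt's String::isValid.

```cpp
// Added illustration, not Qt source. Models a length-prefixed UTF-16 string
// record: a 4-byte little-endian length followed by 2 bytes per code unit.
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed samples: the string "ž" (U+017E) with a sane length of 1, and
// the same record with the length field set to INT_MAX (0x7FFFFFFF).
const unsigned char kGood[] = {0x01, 0x00, 0x00, 0x00, 0x7E, 0x01};
const unsigned char kCorrupt[] = {0xFF, 0xFF, 0xFF, 0x7F, 0x7E, 0x01};

// Hypothetical helper: read a little-endian 32-bit value byte by byte.
static uint32_t readLe32(const unsigned char *p)
{
    return uint32_t(p[0]) | uint32_t(p[1]) << 8
         | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Storage size computed in 32 bits, like the quoted expression: it can wrap.
uint32_t wrappedStorage(const unsigned char *d)
{
    return uint32_t(sizeof(int32_t)) + uint32_t(sizeof(uint16_t)) * readLe32(d);
}

// Weak check: trusts the (possibly wrapped) storage size.
bool weakIsValid(const unsigned char *d, size_t avail)
{
    return avail >= sizeof(int32_t) && wrappedStorage(d) <= avail;
}

// Overflow-safe check: bound the untrusted length by division, so it is
// never multiplied, and test the buffer size before reading the header.
bool safeIsValid(const unsigned char *d, size_t avail)
{
    if (avail < sizeof(int32_t))
        return false;
    const uint32_t len = readLe32(d);
    return len <= (avail - sizeof(int32_t)) / sizeof(uint16_t);
}

int main()
{
    std::printf("wrapped size of corrupt record: %u\n", unsigned(wrappedStorage(kCorrupt)));
    std::printf("weak check accepts corrupt: %d\n", weakIsValid(kCorrupt, sizeof kCorrupt));
    std::printf("safe check accepts corrupt: %d\n", safeIsValid(kCorrupt, sizeof kCorrupt));
    return 0;
}
```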
The added test case is the binary JSON equivalent of
    {"a":{"š":null}}
with two modifications. First, the length of the string "š" has been corrupted
to 0xFFFFFF00. Second and more important, the Base::size field of the inner object
has been reset to 0.
On its own the first modification would normally trigger a validation error.
However, due to the second modification the Value::usedStorage for the inner
object evaluates to 0, completely disabling all further validation of the
object's contents.
Attempting to convert this binary JSON into standard JSON will lead to the JSON
writer trying to construct a QString of length 0xFFFFFF00.
Fixed by validating also objects with usedStorage == 0.
Task-number: QTBUG-61969
Change-Id: I5e59383674dec9be89361759572c0d91d4e16e01
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
The added test case is a binary JSON file describing an array which contains
itself. This file passes validation even though attempting to convert it to
plain JSON leads to an infinite loop. Fixed by rejecting it in validation.
Task-number: QTBUG-61969
Change-Id: Ib4472e9777d09840c30c384b24294e4744b02045
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
This method takes a pointer+size pair, but begins reading through the pointer
without first checking the size parameter. Fixed by checking the size parameter.
A new test case is added with an empty binary json file. Although the test does
not fail under normal conditions, the problem can be detected using valgrind or
AddressSanitizer.
Task-number: QTBUG-61969
Change-Id: Ie91cc9a56dbc3c676472c614d4e633d7721b8481
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
[ChangeLog][QtCore][QJsonValue] fromVariant() conversion now converts
from QUrl and QUuid using special encoding forms to ensure best JSON
compatibility.
Change-Id: I56b444f9d6274221a3b7fffd150cdc5ca1f87ff1
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
For compatibility with other parsers that may expect it to be so.
Change-Id: I56b444f9d6274221a3b7fffd150cd66390f98fd5
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
This is in preparation to adding CBOR support. We don't need yet another
dir for CBOR and placing it in src/corelib/json is just wrong.
Change-Id: I9741f017961b410c910dfffd14ffb9d870340fa6
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>