While the user is entering the password, the string variable that
stores the value might have to reallocate its content from time
to time (when the string needs to grow beyond its current capacity).
When the reallocation happens, the old buffer is freed, but its
data is not zeroed-out. This means that a QLineEdit that serves as
a password input field might leak chunks of the password during
its lifetime, and the leaks will persist after its destruction.
Since the QLineEdit can not control the behavior of the QString
it uses to store the entered value, the only thing it can do is try
to make the reallocations rare.
This patch reserves the space for 30 characters for the string which
stores the QLineEdit value when said QLineEdit is used for password
input. This is enough to make sure no reallocation happens in
majority of cases as barely anyone uses passwords longer than 30
characters.
[ChangeLog][QtWidgets][QWidgetLineControl/security] Preallocate a buffer
for the string that contains the entered value when the QLineEdit serves
as a password input field to minimize reallocations.
Change-Id: I3e695db93e34c93335c3bf9dbcbac832fc18b62d
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
note that pkg-config is a tad stupid: it won't tell us if the package is
built statically, but one needs to explicitly ask it to output
transitive deps for static packages. we can do that, as we resolve the
pkg-config output to actual libraries, so we know if they are static.
always asking it would print the transitive deps also if we found a
dynamically linked library, which would inappropriately extend the link
interface. the latter actually happens on windows (because we can't
easily tell apart real static libs from import libs), but that doesn't
matter, as under windows, the linker transitively resolves dlls anyway.
Change-Id: If1be3b3df476374d5c8e62f4b185477c988223b3
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Cosmetic, so we can avoid using QMap::insertMulti().
Change-Id: If7c971e127af0537dd28bd25f7803804e7e01170
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
And having duplicated entries in the hash doesn't make any sense. So use
regular iteration and insert for streaming the data in and out.
Change-Id: Ic3983010bdb9e17b207c6038fdccf43659da0e23
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
It can be just as well received from the QModelIndex member.
Change-Id: I72f930206ca2afed730009778ded0e56e4e6f278
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
Verify that it does cut in after the specified time has elapsed.
Task-number: QTPM-1385
Change-Id: Ib18e8d6af28339f79cca4d62b869287ce07b8cc1
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
Match the environment tst_selftests.cpp uses for subtests more
faithfully. Extends b22e50acda. In the process, tweak how crashers
are handling, in preparation for the watchdog test.
Change-Id: I09a046460f6f3bff0b12069fad6c1437d89572ce
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
One test for bad data for the column, another for a bad QFETCH.
Incidentally extend blacklist testing by blacklisting them.
Reorganise a QEMU condition that needed extended as part of this.
Task-number: QTPM-1385
Change-Id: Iac72ada19760321c5c9264ddfff7740d1fdd0700
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
The NSAccessibility protocol has a property accessibilityParent.
This adds the implementation. The protocol will be adopted in a
follow-up commit.
Change-Id: I648cdc201950159e8268743a7fcdd24beb58c1c6
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Calling mysql_stmt_free_result() frees the results of the last
executed query while keeping the prepared statement valid. This
allows to keep around prepared QSqlQueries without the overhead
of keeping all the results in memory.
Change-Id: I4589e90857cc4e9a6f9612799bfca967a67e2ab2
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Andy Shaw <andy.shaw@qt.io>
Currently, a tile rearrange will move the active subwindow (if any)
to position zero (top-left). This ignores any tiling order set via
setActivationOrder(). This change removes this move so that the set
tiling order is respected when a tile operation is performed.
Fixes: QTBUG-43356
Change-Id: I2c481f0ffe45e42e811c6b6d476eb4cb65aa5d1f
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
[ChangeLog][QtCore][QVector] QVector does not require a default
constructor for its template argument anymore.
Change-Id: Idd256dd756829561c21bd9e1e693f2918f1e3247
Reviewed-by: Luca Beldi <v.ronin@yahoo.it>
Reviewed-by: Samuel Gaist <samuel.gaist@idiap.ch>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This patch introduces a private 'API' to enable server-side OCSP responses
and implements a simple OCSP responder, tests OCSP status on a client
side (the test is pretty basic, but for now should suffice).
Change-Id: I4c6cacd4a1b949dd0ef5e6b59322fb0967d02120
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This macro declares three template functions that are different for each use
of the macro. The functions are in the public API but they are not meant to
be documented. This update just defines the macro to be empty so clang in
qdoc will ignore it.
Without this, clang reports a lot of errors incorrectly, but if we let clang
process the macro, it declares all those extra functions which then must be
documented with \internal in the cpp files, and we don't want to do that.
This will probably be redone in a later version using a custom annotation attribute.
Change-Id: I78ae4bcc98a3844b803d7ef7b1eba5d5539b043f
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
corelib/serialization/qcbormap.h:176:14: warning: Missing reference in range-for with non trivial type (QPair<QCborValue, QCborValue>)
corelib/serialization/qjsoncbor.cpp:820:10: warning: Missing reference in range-for with non trivial type (QJsonValue)
gui/kernel/qguiapplication.cpp:1171:10: warning: Missing reference in range-for with non trivial type (QString)
printsupport/dialogs/qprintdialog_unix.cpp:741:10: warning: Missing reference in range-for with non trivial type (QString)
printsupport/kernel/qprinter.cpp:1851:10: warning: Missing reference in range-for with non trivial type (QVariant)
tools/qlalr/cppgenerator.cpp:463:8: warning: Missing reference in range-for with non trivial type (Name)
Change-Id: I327b0f116e329e55952ed5740a5f5af4b2918392
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
QListWidget::(is|set)Item(Selected|Hidden)() are deprecated for a long
time but not marked as such. Therefore explicitly mark them as
deprecated so they can get removed with Qt6.
Change-Id: I4567e740f1ebb5841b2e5b50c601fb83a782950c
Reviewed-by: Konstantin Shegunov <kshegunov@gmail.com>
Reviewed-by: Samuel Gaist <samuel.gaist@idiap.ch>
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
Usually we embed the private key for the leaf certificate, but in
Schannel _q_makePkcs12 is also used to create a certificate store for
our CA certificates, which we don't have any private key for.
So lift this restriction.
Change-Id: Ic86a2a6725f2c8272c951148eb97e18a964a36f2
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Remove braces for single-line bodies, space around binary operators
Change-Id: I958396772966428dcd9694279175fd61d6109b40
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
There is no sense in testing the 'm_widget' pointer against null, as the
memory was allocated using the 'new' operator. The exception will be
generated in the case of memory allocation error.
Task-number: QTBUG-71156
Change-Id: I898bac6d9b51b2abd7a5311aa71ac2492c7c042c
Reviewed-by: Jan Arve Sæther <jan-arve.saether@qt.io>
QMdiAreaPrivate::resizeToMinimumTileSize() does not take into account
scroll bars when calculating the minimum size for the QMdiArea widget.
As a result, if scroll bars are enabled or showing during a tiling
operation, the top-level widget incorrectly expands in size (instead of
utilizing the scroll bars). Therefore, we should only resize the
top-level widget if scroll bars are disabled.
Fixes: QTBUG-40821
Change-Id: I3a8b7582d23fdf12d2b09f3740eea6b60bb395c3
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
Cleanup the SimpleDomModel example:
- include own headers first
- use nullptr
- use const where possible
- init members in initialization list
Change-Id: If7029a774793927b9a3a9115ea4a7053402a86a1
Reviewed-by: Sze Howe Koh <szehowe.koh@gmail.com>
Reviewed-by: Luca Beldi <v.ronin@yahoo.it>
Cleanup the StarDelegate example:
- use QStyledItemDelegate instead QItemDelegate
- use nullptr and other useful c++11 constructs
- include the correct headers
Change-Id: If2f65fe7cbdcdd4571d10ffa98d36eeab7836bbb
Reviewed-by: Sze Howe Koh <szehowe.koh@gmail.com>
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Luca Beldi <v.ronin@yahoo.it>
Cleanup the Addressbook example:
- use nullptr
- use for instead foreach
- don't use public members but setters/getters
- use QVector instead QList
- make user-visible translatable
Change-Id: Ie7bdad8a2799c8fa6f634659b51c3064cc8a04ce
Reviewed-by: Samuel Gaist <samuel.gaist@idiap.ch>
Reviewed-by: Sze Howe Koh <szehowe.koh@gmail.com>
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Luca Beldi <v.ronin@yahoo.it>
The calculation of the minimum width assumes that when there is no label
for a row, the field occupies the full row. But this is only true when
QFormLayout::SpanningRole is set for this row. This lead to a to small
minimum size for the row / truncated widgets when the row in question is
the longest one in the form layout.
Fix it by checking if it is a spanned row instead if there is not label
when calculating the sizes.
Fixes: QTBUG-18308
Fixes: QTBUG-60800
Change-Id: I1a610c93ab5c7f9cac503721ae99b36f2710c634
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
Using QT_MMAP macro instead of mmap() so we could map more than 2 GB of
the file. Not that the file format supports such a thing, but just in
case.
Change-Id: Iae320a2868db402a993dfffd15689bba1d667c7d
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
The support for setting the style name in the QTextDocument
API was never added, as revealed by the example in the
linked bug report.
The actual bug reported there (style names not working with
some Helvetica Neue) is not reproducible anymore.
[ChangeLog][QtGui][Text] Added support for setting the font's
style name in QTextCharFormat.
Task-number: QTBUG-22813
Change-Id: I8f4d12151c3611aa30965fd963bc93f7c4264e23
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
The more modern LC_BUILD_VERSION load command was introduced in the 10.13
SDK to unify the various versions of the LC_*_VERSION_MIN command. When
building with a deployment target of 10.14, the linker will use this
load command instead.
Change-Id: Ic3571fdbfdf4dfb9346128c6f6e75d1e06f86cd2
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
Xcode 10 ships version 921.0.1 of cctools, which otool is part of. The
defaults have changed in that version to no longer print verbosely
(symbolically), which we relied on. We now request it explicitly.
Change-Id: Ifbe0c97462b9f78cf128c820847eff9c72f17065
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Tim Blechmann <tim@klingt.org>
The old name was confusing as it conflicted with
QList<T>::swap(QList &other), that was doing something
completely different.
Rename the method to swapItemsAt() which is a lot clearer.
Change-Id: Iac77a1e790a7256766f83a24d2a243c880d875f4
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
This is a very slight source incompatibility, but required as
a preparation for Qt 6, where QList should inherit QVector or
share the implementation with it.
This requires some special work to correctly instantiate and
export QVector<QPoint> from Qt Core on MSVC.
Change-Id: I1d042c5fafdde7afe59409eda2580871d4832fcd
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
To unlock dev branch, we need to disable the Docker-based test server on
Linux for short-term. With this change, we can force update the SHA-1 of
docker images in both qt5 and qtbase. During this transitional period,
the Linux platform should keep using the remote test server.
Change-Id: I4c07abf36154382e5d667ca733901b6d7fda9677
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
This patch enables OCSP stapling in QSslSocket::SslClientMode (OpenSSL back-end
only). OCSP stapling is described by RFC6066 and based on the original OCSP as
defined by RFC2560. At the moment multiple certificate status protocol is not
supported (not implemented in OpenSSL). SecureTransport does not support OCSP
stapling at the moment.
[ChangeLog][QtNetwork][TLS] Added OCSP-stapling support for OpenSSL backend
Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Id2e0f4cc861311d1ece462864e5e30c76184af8c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
this considerably speeds up failures, as no doomed build is attempted,
and produces more reliable results, as no second lookup (which would be
subject to environment changes) is done any more during the build.
in principle, this also opens up possibilities like selecting specific
variants of dependencies, automatically extracting rpaths, etc.
qt_helper_lib.prf also needs to create fully resolved library names now.
Change-Id: I65f13564b635433030e40fa017427bbc72d1c130
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
amazingly enough, android has different sysroots for the compiler
(shared includes full of #ifdefs) and the linker (per-platform
libraries).
this patch supports only clang for non-darwin, which notably covers all
supported android ndks.
with this fixed, we also remove the hard-coded setting of
QMAKE_DEFAULT_*DIRS from the specs.
amends 353fb118c.
Change-Id: Ie0513de0f7123d7f5b8ca1ffcc72c017cddd126c
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.
Change-Id: I598db817c387867a449040f5be5427c8b8746483
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
This mechanism should only be enabled only for debug deployments, but
the check was removed by accident in ca139228ab.
Fixes: QTBUG-72230
Fixes: QTBUG-72132
Change-Id: I3378436e93314fdf254919aed066f1284a4581b3
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
If the document is paged and contains an image spanning more than one
page, correctly set the y position for everything following that
image.
Change-Id: I1c584c7a907c1728c2965f1dc3fdc56069ab3172
Fixes: QTBUG-59886
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
The contents of a deleted QString can still remain in memory
and can be accessible by tools that read the raw process memory.
This means that a QLineEdit that serves as a password input field
can leak the password after it is destroyed.
With this patch, the contents of the m_text string member variable
will be zeroed-out before the m_text is destructed. This is done
only in the cases when the QLineEdit serves as a password field.
[ChangeLog][QtWidgets][QWidgetLineControl/security] Zero-out the string
that contains a password entered into the QLineEdit
Change-Id: I8f88f952244bf8a0399c14acf0869439ca0a60ca
Reviewed-by: Luca Beldi <v.ronin@yahoo.it>
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
