We checked against integer overflow, but not against overflowing the
QByteArray size limit. That caused a std::bad_alloc to be thrown, which
is bad when decoding unknown data. QCborStreamReader wasn't affected,
since it doesn't merge chunks.
Change-Id: I99ab0f318b1c43b89888fffd160c36f495fada87
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
And move the ones that was already there under the QtNetwork point.
Change-Id: I4f9641f78c624b1846699292e053ee148178df4a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
QUrl will reject invalid URLs for us, so we don't get normalization. The
original junk should be retrievable, of course.
Change-Id: Ibdc95e9af7bd456a94ecfffd160610f5b2c8e1a2
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
We rely on QDateTime::fromString being proper, so this is not extensive
testing.
Change-Id: Ibdc95e9af7bd456a94ecfffd160610cdac5d62e1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
By QCborValue design, we store the textual representation in ISO format,
equivalent of CBOR tag 0, which isn't allowed to have negative years or
beyond year 10000.
Change-Id: Ibdc95e9af7bd456a94ecfffd16060ccff359c296
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
QDateTime::fromSecsSinceEpoch() multiplies by 1000 but does not check
for overflow. That means we must do so in QCborValue validation. We
can't use mul_overflow<qint64> on 32-bit platforms, so we do a compare-
and-branch there. For 64-bit platforms, we prefer to do the
multiplication with checked overflow, as the common case is that it will
not overflow and we'll need the multiplication anyway.
Change-Id: Ibdc95e9af7bd456a94ecfffd16060cba6f1c86b8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
If a warning is outputted before Qt has had a chance to initialize the
logging rules then it will cause it to hang as it will be stuck trying
to initialize but can't continue because it needs to output the warning
which triggered during that initialization. Therefore the warning should
not be outputted to avoid this from happening.
Change-Id: I202752c377bf69def2f7fb76be71b78d00ad3fd5
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
QCocoaTouch sneakily updated the list of active touches in the
destructor, causing problems when we switched from Q_FOREACH
to ranged-for.
Fixes: QTBUG-83876
Change-Id: If7ec9e9116b7eb581580b461ae12ad70c739906d
Reviewed-by: Simon Hausmann <hausmann@gmail.com>
With the introduction of the \typealias command to QDoc, QDoc generates
a standardized line for aliased types.
This patch removes duplication caused by the change in QDoc.
Change-Id: I1a01c378f85b0decb7c0400a3b21146f0898c6ec
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
When a configuration is static and has builtin_testdata defined, it was
possible that the "testdata" resource that is generated in testcase.prf was
used for a qmlimportscan directly. This generated test data resource is no
file though. It's a "qmake struct" that contains files and a base folder
so that we should add every file from the "file list" of that struct.
It is possible, that the generated resource has a base, but no files. Thus
we need two loops or we can end up with a command line that ends with
"-qmldir". If qmlimportscanner decided to warn/error out in this case in
the future this feature could be broken and the point of breakage might
not be obvious.
Change-Id: I2111f594f7d5cf40521b8fe9236a8be9e2ed1b07
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Due to QChar being convertible from almost any integral type,
the old code actually called QString::remove(QChar).
Fix by using QString::chop() instead.
Change-Id: I345b018aa137ecff608a130e69ade5d37ef0805c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Do not continue if the conversion to 32bit int would cause an overflow.
Change-Id: I8a198dce5962e7ebd248b9baa92aba8730bfd3b0
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Copy line by line when bytes per line doesn't match between input and
output.
Fixes: QTBUG-83777
Change-Id: I44ca75963df6188c1de76196d9c12fd8bb081688
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
9d5ae9f26c98 introduced a warning when a matching icon engine was not
found for a given file suffix, under the assumption that all formats
would go through icon engine plugins. Unfortunately QIcon itself falls
back to a direct use of QPixmapIconEngine when no icon engine plugin
is found, which would lead to the warning being emitted for built in
formats such as PNG.
Until this code can be moved properly into QPixmapIconEngine we'll
remove it.
Change-Id: I14d1d33a0f0c29e4b4604ef3b53c05cb8e02f867
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Apps on the iOS app store are required to use storyboards for their
launch screens from June 30th 2020.
Change-Id: Iae34042294fb167a2c893542c57dfaacaf1e929c
Fixes: QTBUG-83512
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
If it is null then it has nothing to grab, so a null QImage and QRect
is added to the lists so that there is still a representation in some
form for that display. This additionally ensures that it does take
up space for the display in the final image too.
Fixes: QTBUG-63086
Change-Id: I6e80ecc1170642025f6930e2211017c114e25c16
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
The internal removeAt(index) method was implemented as taking cbor
indexes directly, in contrast to the other ...At(index) methods.
Fixes: QTBUG-83695
Change-Id: I16597eb6db1cf71e1585c041caa81bf8f7a75303
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
configure -no-compile-examples means that the examples won't be
compiled, but processed by qmake to generate install targets. So we
shouldn't do any substitution (like it is done for CMake targets), or
extra compilers / copies (like it is done for qmltypes).
Also install the qmldir files that some qml examples need.
Fixes: QTBUG-83375
Fixes: QTBUG-83704
Change-Id: I6a9393bd914d98a5d85f4089205510e49a435842
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Fixes
error C2124: divide or mod by zero
when compiling the test code (enabled by
713cd83200).
Pick-to: 5.15
Change-Id: I2ae39426fc0012f79714ff3d6484d792cab4bd92
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Comparing the layer contents to the backingstore surface doesn't make
sense when we're single buffered since we're always using the same
surface.
And once Core Animation has picked up on the surface it's not enough to
just keep drawing to it, we also need to tell Core Animation that the
contents has changed.
Change-Id: I517a0b7a3ba7e9d96033465c9bd5a192985643ac
Fixes: QTBUG-81071
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Change-Id: Ibdc95e9af7bd456a94ecfffd16061db982ad3fa7
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
We can only update usedData at the end, after we've decoded all chunks.
The update inside the lambda was double-accounting for the first chunk,
which could lead to signed integer overflows in usedData.
Not unit-testable since the usedData value is not visible in the API.
Change-Id: Ibdc95e9af7bd456a94ecfffd16061cc955208859
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
When a date-time was parsed from a string, the result was equal (as a
date-time) to the correct value, but had (at least in some cases) the
wrong spec, where it should have had a spec reflecting the zone
specifier parsed.
The time-spec imposed for the benefit of QDateTimeEdit is now moved
from QDateTimeParser to QDateTimeEditPrivate, which takes over
responsibility for imposing it. QDateTimeParser assumes Qt::LocalTime
in member functions (where applicable) and uses the time-spec parsed
from the string when constructing the date-time.
QDateTime::fromString() and QLocale::toDateTime() are updated to
use the full QDateTime returned by QDateTimeParser.
Fixes: QTBUG-83075
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: I8b79add2c7fc13a200e1252d48dbfa70b36757bf
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Due to the bug related to the 'new syntax' signal/slot connections,
it's unfortunately possible to have a connection not deleted properly
by the moment children objects get deleted. Then, as a result,
in e.g. QSslSocket's destructor the socket will change its state,
triggering the (now deleted) UI elements' access.
Note - the original bug was reported, the patch (only possible?) was
not accepted.
Fixes: QTBUG-83659
Change-Id: I2965532485bcd46f93f8449e4d0a30da92b572c5
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This reverts commit 3a6d8df521.
That change is only for 5.14.
Conflicts:
src/plugins/platforms/wasm/qwasmeventtranslator.cpp
src/plugins/platforms/wasm/qwasmintegration.cpp
src/plugins/platforms/wasm/qwasmopenglcontext.cpp
src/plugins/platforms/wasm/qwasmscreen.cpp
Change-Id: I2d845c795a683e1542201cfb6fdd185fec2b17ab
This reverts commit 3a6d8df521.
That change is only for 5.14.
Conflicts:
src/plugins/platforms/wasm/qwasmeventtranslator.cpp
src/plugins/platforms/wasm/qwasmintegration.cpp
src/plugins/platforms/wasm/qwasmopenglcontext.cpp
src/plugins/platforms/wasm/qwasmscreen.cpp
Change-Id: Ib9151e199291fe6eb4151027b515393c05303d65
qsocketnotifier.h:113:69: error: cannot initialize return object of type
'Qt::HANDLE' (aka 'void *') with an lvalue of type 'const
QSocketDescriptor::DescriptorType' (aka 'const int')
qsortfilterproxymodel.cpp:2938: error: out-of-line definition of
'recursiveFilteringEnabledChanged' does not match any declaration in
'QSortFilterProxyModel'
qline.cpp:376: (qdoc) warning: Cannot find 'QLineF::IntersectionType'
specified with '\enum' in any header file
Fixes: QTBUG-83676
Change-Id: I57b51f4ad15fdc50db88100ad5b1cb85ed394b7a
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
- 2019 still uses VCLIB version 140
- minVersion and maxVersionTested have to be set for every MSVC version
Change-Id: I9300e03115e2e99fd250ec85bdd7f3367ab00d48
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: André de la Rocha <andre.rocha@qt.io>
Reviewed-by: Miguel Costa <miguel.costa@qt.io>
Both Negotiate and NTLM are conditioned on the 'challenge' being empty
when starting the authentication process. So let's reset it when we
start the authentication process.
Fixes: QTBUG-83370
Change-Id: I41af6d5bcfe3dd980ca2bedce10ceff4f61047ff
Reviewed-by: Andy Shaw <andy.shaw@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The CommonMark spec shows that it's not necessary to have a space
between the code fence and the language string:
https://spec.commonmark.org/0.29/#example-112
This also avoids a needless trailing space after a code fence that
does not include a language string.
Change-Id: I2addd38a196045a7442150760b73269bfe4ffb22
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
The end of a code block nested in a list item is now detected;
and if the text of the list item continues after the code block,
it continues to be indented.
Code blocks should never be word-wrapped.
Fixes: QTBUG-80603
Change-Id: I4427f8b1d4807d819616f5cb971e2d006170d9be
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
From 11.7.6 onwards you need to select if your build is rel/dbg/chk/cov.
Added env variable where you can add which build target to configure.
Task-number: QTBUG-74716
Change-Id: I9ab3dd6177c5c5fa1da6aa7556784fa86d0d0348
Reviewed-by: Timo Aarnipuro <timo.aarnipuro@qt.io>
Reviewed-by: Tomi Korpipää <tomi.korpipaa@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Various benchmarks were still using the deprecated timing API.
One didn't even *use* the timer it implemented this way.
One was just using start as a short-hand for assigning to currentTime().
Change-Id: If406d0fb606e454fec056f386bcd0aa6726ee96e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This was taken from 4a302b42c7bf5e11 in SQLite, ref:
https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
[ChangeLog][QtSQL][sqlite] Fixed CVE-2020-11655
Task-number: QTBUG-83652
Change-Id: I5ead78d9ee63aa0f12f1c1014c79373728569f30
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
