Commit Graph

10524 Commits

Author SHA1 Message Date
Thiago Macieira
798492ccee QCborValue: catch overflow in QByteArray when decoding chunked strings
We checked against integer overflow, but not against overflowing the
QByteArray size limit. That caused a std::bad_alloc to be thrown, which
is bad when decoding unknown data. QCborStreamReader wasn't affected,
since it doesn't merge chunks.

Change-Id: I99ab0f318b1c43b89888fffd160c36f495fada87
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-05-07 07:39:26 -07:00
Thiago Macieira
821e71fded QCborValue: check parsing of invalid URL
QUrl will reject invalid URLs for us, so we don't get normalization. The
original junk should be retrievable, of course.

Change-Id: Ibdc95e9af7bd456a94ecfffd160610f5b2c8e1a2
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2020-04-30 08:01:28 -03:00
Thiago Macieira
8366c06d46 QCborValue: add tests of parsing invalid ISO date-time strings
We rely on QDateTime::fromString being proper, so this is not extensive
testing.

Change-Id: Ibdc95e9af7bd456a94ecfffd160610cdac5d62e1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2020-04-30 04:01:05 -07:00
Thiago Macieira
2a53017df4 QCborValue: add an extra check against producing invalid ISO dates
By QCborValue design, we store the textual representation in ISO format,
equivalent of CBOR tag 0, which isn't allowed to have negative years or
beyond year 10000.

Change-Id: Ibdc95e9af7bd456a94ecfffd16060ccff359c296
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
2020-04-30 04:00:47 -07:00
Thiago Macieira
52a2505672 QCborValue: avoid signed integer oveflows when decoding time_t
QDateTime::fromSecsSinceEpoch() multiplies by 1000 but does not check
for overflow. That means we must do so in QCborValue validation. We
can't use mul_overflow<qint64> on 32-bit platforms, so we do a compare-
and-branch there. For 64-bit platforms, we prefer to do the
multiplication with checked overflow, as the common case is that it will
not overflow and we'll need the multiplication anyway.

Change-Id: Ibdc95e9af7bd456a94ecfffd16060cba6f1c86b8
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2020-04-30 11:00:29 +00:00
Eirik Aavitsland
9e83d268d6 Fix data corruption regression in QJsonObject::erase()
The internal removeAt(index) method was implemented as taking cbor
indexes directly, in contrast to the other ...At(index) methods.

Fixes: QTBUG-83695
Change-Id: I16597eb6db1cf71e1585c041caa81bf8f7a75303
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2020-04-23 13:42:01 +02:00
Andrei Golubev
7605451604 Handle specified time-spec in date-time parsing
When a date-time was parsed from a string, the result was equal (as a
date-time) to the correct value, but had (at least in some cases) the
wrong spec, where it should have had a spec reflecting the zone
specifier parsed.

The time-spec imposed for the benefit of QDateTimeEdit is now moved
from QDateTimeParser to QDateTimeEditPrivate, which takes over
responsibility for imposing it. QDateTimeParser assumes Qt::LocalTime
in member functions (where applicable) and uses the time-spec parsed
from the string when constructing the date-time.

QDateTime::fromString() and QLocale::toDateTime() are updated to
use the full QDateTime returned by QDateTimeParser.

Fixes: QTBUG-83075
Done-With: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: I8b79add2c7fc13a200e1252d48dbfa70b36757bf
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2020-04-22 14:14:30 +03:00
Shawn Rutledge
51a348b2e2 Markdown writer: omit space after opening code block fence
The CommonMark spec shows that it's not necessary to have a space
between the code fence and the language string:
https://spec.commonmark.org/0.29/#example-112
This also avoids a needless trailing space after a code fence that
does not include a language string.

Change-Id: I2addd38a196045a7442150760b73269bfe4ffb22
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-04-20 21:08:32 +02:00
Shawn Rutledge
0fcd782bd3 Markdown writer: don't wrap code block, and detect its end
The end of a code block nested in a list item is now detected;
and if the text of the list item continues after the code block,
it continues to be indented.

Code blocks should never be word-wrapped.

Fixes: QTBUG-80603
Change-Id: I4427f8b1d4807d819616f5cb971e2d006170d9be
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-04-20 21:08:23 +02:00
Edward Welbourne
7202df3689 Replace QTime with QElapsedTimer in benchmarks
Various benchmarks were still using the deprecated timing API.
One didn't even *use* the timer it implemented this way.
One was just using start as a short-hand for assigning to currentTime().

Change-Id: If406d0fb606e454fec056f386bcd0aa6726ee96e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-04-20 17:44:13 +02:00
Robert Loehning
33b1662f16 Fuzzing: Add fuzz target for QCborStreamReader::next
Change-Id: I8e7d90d89b66395370809935b1cb5bf144bded49
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2020-04-16 21:12:00 +02:00
Mårten Nordheim
487dd80bce Introduce QSocketNotifier::activate(QSocketDescriptor, QSN::Type)
The pre-existing overload passes an int, but this can mean the
descriptor gets truncated in compilations where the descriptor
is 64-bit.

The old overload with int is visible when querying the metaobject system
so string-based connects still work as before, and connecting to it will
produce a deprecation warning in the output.
At the same time the PMF-based connect will, on recompile, pick the
QSocketDescriptor overload. As an added improvement it also comes with
the notification type, removing the need for separate slots where the
code would be mostly shared anyway.

The QSocketDescriptor type can be implicitly converted to and from
qintptr to ensure existing code still compiles. It can also be
constructed from Qt::HANDLE on Windows.

In this same patch I also update the existing string-based connects in
this module, which then includes updating the parameters for some slots
as well.

[ChangeLog][QtCore][QSocketNotifier] Added
QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type).
This replaces the activated(int) signal which in 64-bit environments
could truncate the socket descriptor. If you use "activated" with the
string-based connect() then you need to update the parameter type of the
signal and slot if it had one. If you use it with the pointer to member
function based connect() then all you need to do is update your slot's
parameter type if it has one. If you need to compile your source code
with multiple versions of Qt then connect() to this function using
pointer to member function and update the slot's parameter type if
needed.

Task-number: QTBUG-70441
Change-Id: Ic43d6bc4c5bcb4040867b2ffad8d36fb01eed8af
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2020-04-16 13:52:11 +02:00
Tor Arne Vestbø
8138c812cb macOS: Remove a bunch of dead (forward) declarations
Change-Id: I402668a17b48c164658f775bacd832615a6d2587
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
2020-04-15 17:33:06 +02:00
Volker Hilsheimer
e38e1d02cc Add QButtonGroup::idClicked/Pressed/Released/Toggled signals
Following the deprecation of the signal overloads, the remaining signals
did not provide equivalent functionality for connecting a slot expecting
an integer. The mapping from QAbstractButton* to the ID is comparatively
cumbersome to do in the connected slot.

Add uniquely named signals that emit the ID of the button directly.

[ChangeLog][QtWidgets][QButtonGroup] Added signals
idClicked/Pressed/Released/Toggled that replace the deprecated signal
overloads.

Change-Id: I77215e4f815c4fb7dd6326e1f431230e6601e8f8
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2020-04-15 14:29:08 +02:00
Robert Loehning
5e3b32b608 Fuzzing: Add fuzz target for QTextStream's extraction operator
Change-Id: Ia5fa2e36f5439ebcc323d6d18c33c2dd58404aba
Reviewed-by: Albert Astals Cid <albert.astals.cid@kdab.com>
2020-04-14 23:39:36 +02:00
Thiago Macieira
bfb9b02d3b QCborValue: fix the move-assignment operator
The double-swap technique I used was flawed and broke on
self-assignment. What I had meant to use was the move-and-swap
technique. Thanks to Peppe for pointing it out.

This also fixes a compiler bug in the Green Hills compiler. It was
finding the wrong "swap" function in qSwap:

    using std::swap;
    swap(value1, value2);

It's supposed to find swap(QCborValue &, QCborValue &) due to argument-
dependent lookup. It's instead finding std::swap<QCborValue>, which
recurses.

Fixes: QTBUG-83390
Change-Id: Ibdc95e9af7bd456a94ecfffd1603e1bee90cd107
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
2020-04-11 12:04:25 +00:00
Shawn Rutledge
1ec350e35f Stop using obsolete TouchPoint rect accessors in tests and examples
Followup to cf4a8b12fa
68916fede4 and
3c159957f8.

Task-number: QTBUG-83403
Change-Id: Ieaf418860c565dbe883384e7f296a829fbfa1e33
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-04-10 13:54:43 +00:00
Thiago Macieira
7cd2d2b751 tst_QFileInfo: fix running with systems without /etc/passwd
Clear Linux containers running as root may have no /etc/passwd. But
they'll have /etc/machine-id because systemd creates that. Also test
/proc/version (a Linux-specific file) because that isn't writeable even
by root.

Take the opportunity to check with access() instead of assuming root and
only root can write to the file.

Change-Id: Ibdc95e9af7bd456a94ecfffd1603e8359604752b
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-04-09 10:55:25 -03:00
Thiago Macieira
954d66e572 QCborArray: fix operator[] that extends the array
This was never tested. The infinite loop in QCborContainerPrivate::grow
is the proof.

[ChangeLog][QtCore][QCborArray] Fixed an infinite loop when operator[]
was called with with an index larger than the array's size plus 1.

Change-Id: Ibdc95e9af7bd456a94ecfffd1603df3855c73f20
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
2020-04-09 09:41:56 -03:00
Thiago Macieira
57a57fda78 QCborMap: fix assigning elements from the map to itself
Similar to the QJsonObject issue of the previous commit (found with the
same tests, but not the same root cause). One fix was that copying of
byte data from the QByteArray to itself won't work if the array
reallocates. The second was that

  assign(*that, other.concrete());

fails to set other.d to null after moving. By calling the operator=, we
get the proper sequence of events.

[ChangeLog][QtCore][QCborMap] Fixed some issues relating to assigning
elements from a map to itself.

Note: QCborMap is not affected by the design flaw discovered in
QJsonObject because it always appends elements (it's unsorted), so
existing QCborValueRef references still refer to the same value.

Task-number: QTBUG-83366
Change-Id: Ibdc95e9af7bd456a94ecfffd1603df846f46094d
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
2020-04-09 09:41:40 -03:00
Thiago Macieira
ddc7b3c156 QJsonObject: add missing detach2() calls
The refactoring to use CBOR missed two places where we could assign from
the same object and thus cause corruption. In fixing this issue, I found
a design flaw in QJsonObject, see Q_EXPECT_FAILing unit test and task
QTBUG-83398.

[ChangeLog][QtCore][QJsonObject] Fixed a regression from 5.13 that
incorrect results when assigning elements from an object to itself.

Fixes: QTBUG-83366
Change-Id: Ibdc95e9af7bd456a94ecfffd1603df24b06713aa
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
2020-04-09 09:41:06 -03:00
Thiago Macieira
31d0dcab46 tst_PlatformSocketEngine: Removee SOURCES += of QtNetwork code
Avoids ASAN warning of ODR violation:
SUMMARY: AddressSanitizer: odr-violation: global 'typeinfo name for
QSocketEngineHandler' at ../../../../../src/network/socket/qabstractsocketengine.cpp

This trick has not been needed since we got Q_AUTOTEST_EXPORT. The main .pro
file has:

requires(qtConfig(private_tests))

Change-Id: Ibdc95e9af7bd456a94ecfffd1603e598932b88ad
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-04-09 09:31:04 -03:00
Thiago Macieira
135d98134f tst_QSaveFile: skip test that fails when run as root
FAIL!  : tst_QSaveFile::retryTransactionalWrite() '!file.open(QIODevice::WriteOnly)' returned FALSE. ()
   Loc: [/home/tjmaciei/src/qt/qt5/qtbase/tests/auto/corelib/io/qsavefile/tst_qsavefile.cpp(156)]

strace reveals:
access("/TEMPDIR/outfile.ro", W_OK) = 0

Change-Id: Ibdc95e9af7bd456a94ecfffd1603eb371aadb02b
Reviewed-by: David Faure <david.faure@kdab.com>
2020-04-08 19:55:41 -03:00
Thiago Macieira
36feab8bf4 QTemporaryFile/Linux: don't cut the root dir's slash
Normally people shouldn't create temporary files on /, but if you're
running as root, why not?

Caught when running tst_qtemporaryfile as root:

 openat(AT_FDCWD, "", O_RDWR|O_CLOEXEC|O_TMPFILE, 0600) = -1 ENOENT (No such file or directory)

Change-Id: Ibdc95e9af7bd456a94ecfffd1603ebfc17cea220
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: David Faure <david.faure@kdab.com>
2020-04-08 19:55:00 -03:00
Qt Forward Merge Bot
12fc3f5751 Merge "Merge remote-tracking branch 'origin/5.14' into 5.15" 2020-04-06 16:50:23 +02:00
Qt Forward Merge Bot
864048a8f5 Merge remote-tracking branch 'origin/5.14' into 5.15
Conflicts:
	src/corelib/kernel/qeventdispatcher_win.cpp

Change-Id: I32db3f755577aefc15f757041367d6144f5e5c66
2020-04-06 15:45:11 +02:00
Kari Oikarinen
9ead0b0431 tst_QScopeGuard: Fix build by giving template parameters explicitly
std::function does not have deduction guides in older libc++ (presumably older
than version 10). Omitting the template parameter isn't essential for the test,
so just give it.

Change-Id: Ia9bb91f961b0928203737ec976913effd06433e0
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
2020-04-06 09:27:01 +02:00
Sona Kurazyan
4ee7adf59d Try to stabilize flaky test cases of tst_qsequentialanimationgroup
Use QTRY_COMPARE in the flaky tests instead of waiting.

Change-Id: Ic18fc5fde3fa47f3b3ef21e6acd876bd6990981d
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
(cherry picked from commit 0ae6803d39)
2020-04-05 16:31:51 +00:00
Volker Hilsheimer
8ed14a3c48 Stabilize QScroller test
Show and activate the widget, otherwise we can't rely on geometry
and gesture event delivery. Use QTRY_ macros in a few more places.

As a drive-by, fix coding style.

Change-Id: If3a13732ae6b07a137fec89e78b7e6b39e066bed
Fixes: QTBUG-82947
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
2020-04-03 20:53:41 +02:00
Alex Trotsenko
274e973dbe Fix flakiness in tst_QApplication::testDeleteLater
DeleteLaterWidget is a main application window of the test. So, its
show() function should be called explicitly before starting the main
event loop. Otherwise, it remains hidden for the whole time, which
causes an incorrect emission of QApplication::lastWindowClosed signal
when a dialog window is closed in the middle of the test.

Also, fix synchronization between deferred deletion and timer event.

Change-Id: Id3ce5adbcd9e5e22508825c52025eeea70202354
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2020-04-03 17:05:27 +03:00
Edward Welbourne
0c2d6c163f Fix deprecation warning in tst_QLocale()'s use of QProcess::start()
Change-Id: I6f5dfa2d40984f86670288bdee4d1b7b060850ac
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2020-04-03 15:13:23 +02:00
Qt Forward Merge Bot
7672e09770 Merge "Merge remote-tracking branch 'origin/5.14' into 5.15" 2020-04-03 15:12:48 +02:00
Tor Arne Vestbø
ab4c22d47d macOS: Remove all use of deprecated Q_OS_OSX define
Change-Id: I49c285604694c93d37c9d1c7cd6d3b1509858319
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2020-04-03 13:44:37 +02:00
Qt Forward Merge Bot
86d9e36b06 Merge remote-tracking branch 'origin/5.14' into 5.15
Conflicts:
	tests/benchmarks/corelib/text/qstringlist/qstringlist.pro

Change-Id: Ie9b97bd83c2df00fd9b556b5f09d405f71970169
2020-04-03 09:01:44 +02:00
Edward Welbourne
89bd12b9ad Change QLocale to use CLDR's accounting formats for currencies
In particular, this changed the US currency formats for negative
amounts to be parenthesised versions of the positive amount forms,
rather than having a minus sign after the $ sign. Test updated.

[ChangeLog][QtCore][QLocale] Currency formats are now based on CLDR's
accounting formats, where they were previously mostly based (more or
less by accident) on standard formats. In particular, this now means
negative currency formats are specified, where available, where they
(mostly) were not previously.

Task-number: QTBUG-79902
Change-Id: Ie0c07515ece8bd518a74a6956bf97ca85e9894eb
Reviewed-by: Cristian Maureira-Fredes <cristian.maureira-fredes@qt.io>
2020-04-02 20:43:34 +02:00
Edward Welbourne
53ed635dbb Set CONFIG += benchmark in corelib's various benchmarks
This leads to "make benchmark" actually running the benchmark, which
would be nice, I think. Purged various CONFIG += release or -= debug
lines from the same configurations; those surely only configure how
the test code is compiled, which is more or less pointless; it's the
code under test whose debug/release state matters, and I don't suppose
that's affected by the build config of the test code.

In the process, reduce diversity of the ordering of lines within these
*.pro files and purge some dangling space.

Change-Id: Ia9f9f0ca4c096262de928806bdfa6ea3b9e7b9ba
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
2020-04-02 18:33:42 +02:00
Shawn Rutledge
f515ca5dcd Fix QTabletEvent manual tests
- QPainterPath needs an explicit include now
- QTabletEvent::device() is deprecated

Change-Id: I2d1086847ee2cf5ed63e345c7c2d6eb43897f0e4
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
2020-04-01 22:57:55 +02:00
Friedemann Kleint
00d9f68c41 Speed up tst_QApplication::testDeleteLaterProcessEvents2()
Quit the event loop once the object is destroyed.

Change-Id: I6df1cfe867daacb6af56eb84646be91d98a2f545
Reviewed-by: Alex Trotsenko <alex1973tr@gmail.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-03-31 21:50:37 +02:00
Friedemann Kleint
ae653fc08b tst_QApplication::testDeleteLaterProcessEvents(): Split the test
The test can trigger timeouts in COIN, split into subtests.

Change-Id: I1fa5d52422275f89b2858d90c5979632aa7058e2
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2020-03-31 21:50:32 +02:00
Liang Qi
947e1f45c7 Merge remote-tracking branch 'origin/5.14' into 5.15
Conflicts:
	tests/auto/widgets/itemviews/qabstractitemview/tst_qabstractitemview.cpp

Change-Id: Ifaa56153f5f0d687a6b4d94f84fcfa1e1751afd2
2020-03-31 12:30:18 +02:00
Robert Loehning
f5a58cccc2 Fuzzing: ignore logging output from QColorSpace
Change-Id: Ica549be24c8873854934f4ba24f2b3f7cb077e25
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
2020-03-30 19:05:33 +01:00
Robert Loehning
cd57dae62f Fuzzing: Add QGuiApplication to gui fuzz targets
Change-Id: I3713701f63d9d8938fbb42ad1ae2f0c4ae813e94
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
2020-03-30 19:05:22 +01:00
Andy Shaw
2e0c29a4bb itemviews: Use the start of the current selection when getting the range
When doing a shift-select while moving the mouse then the start point
should be based on the start of the current selection and not the
pressed position. If there is no current selection start index, then
we can safely depend on pressed position as this will be the previous
index pressed on.

This resolves an issue introduced by
e02293a76d when fixing QTBUG-78797

Fixes: QTBUG-81542
Change-Id: Ia66c42b220452fdcbc8cfccc05dbc8a3911c3f5e
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
2020-03-30 11:17:59 +00:00
Thiago Macieira
bff56f953a tst_QCborValue: Prepare for 64-bit QVectors in Qt 6
Change-Id: Ief61acdfbe4d4b5ba1f0fffd15fe1e921aab0a72
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2020-03-27 16:45:59 -03:00
Thiago Macieira
783d574b93 CBOR support: prevent overflowing QByteArray's max allocation
QByteArray doesn't like it.

Apply the same protection to QString, which we know uses the same
backend but uses elements twice as big. That means it can contain
slightly more than half as many elements, but exact half will suffice
for our needs.

Change-Id: Iaa63461109844e978376fffd15f9d4c7a9137856
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2020-03-27 16:45:48 -03:00
Qt Forward Merge Bot
fd44fb7675 Merge "Merge remote-tracking branch 'origin/5.14' into 5.15" 2020-03-27 18:58:56 +01:00
Eirik Aavitsland
533f7d7ca3 Raster painting: fix dashing for separate lines
When drawing multiple distinct (unconnected) lines (e.g. from
QPainter::drawLines() or a QPainterPath with alternating
movetos/linetos), the dash pattern should not continue from one to the
next, as it should when drawing a connected line (e.g. polyline).
Both the cosmetic stroker and the full stroker does it right, but the
fast rasterizing codepath got it wrong.

Fixes: QTBUG-83048
Change-Id: I3d090f7121726755a0e53cb66b99a5563ac0e1c0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
2020-03-27 12:31:01 +01:00
Qt Forward Merge Bot
4752bd7718 Merge remote-tracking branch 'origin/5.14' into 5.15
Conflicts:
	src/corelib/serialization/qcborvalue.cpp

Change-Id: I539d8cae5fd413b8a6c9c5d8a6364c79c8133a0a
2020-03-27 09:23:33 +01:00
Sona Kurazyan
f22c929c8a Make tst_QRandomGenerator::qualityReal() test more stable
Increasing the sample size of randomly generated test samples reduces
the probability of small deviations from the expected uniform
distribution.

On my machine with the new values the test fails approximately once per
3000 consecutive runs, instead of failing once per 300.

Change-Id: I4d1815504c353290a2fb350b3fd1cbb802f8d559
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2020-03-25 22:19:24 +01:00
Thiago Macieira
02d595946f QCborValue::fromCbor: Apply a recursion limit to decoding
A simple 16k file can produce deep enough recursion in Qt to cause stack
overflow. So prevent that.

I tested 4096 recursions just fine on my Linux system (8 MB stack), but
decided 1024 was sufficient, as this code will also be run on embedded
systems that could have smaller stacks.

[ChangeLog][QtCore][QCborValue] fromCbor() now limits decoding to at
most 1024 nested maps, arrays, and tags to prevent stack overflows. This
should be sufficient for most uses of CBOR. An API to limit further or
to relax the limit will be provided in 5.15. Meanwhile, if decoding more
is required, QCborStreamReader can be used (note that each level of map
and array allocates memory).

Change-Id: Iaa63461109844e978376fffd15fa0fbefbf607a2
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2020-03-25 16:21:47 -03:00