qt5base-lts/tests
Ahmad Samir 6326bec46a QXmlStreamReader: make fastScanName() indicate parsing status to callers
This fixes a crash while parsing an XML file with garbage data, the file
starts with '<' then garbage data:
- The loop in the parse() keeps iterating until it hits "case 262:",
  which calls fastScanName()
- fastScanName() iterates over the text buffer scanning for the
  attribute name (e.g. "xml:lang"), until it finds ':'
- Consider a Value val, fastScanName() is called on it, it would set
  val.prefix to a number > val.len, then it would hit the 4096 condition
  and return (returned 0, now it returns the equivalent of
  std::null_opt), which means that val.len doesn't get modified, making
  it smaller than val.prefix
- The code would try constructing an XmlStringRef with negative length,
  which would hit an assert in one of QStringView's constructors

Add an assert to the XmlStringRef constructor.

Add unittest based on the file from the bug report.

Later on I will replace FastScanNameResult with std::optional<qsizetype>
(std::optional is C++17, which isn't required by Qt 5.15, and we want to
backport this fix).

Credit to OSS-Fuzz.

Fixes: QTBUG-109781
Fixes: QTBUG-114829
Pick-to: 6.6 6.5 6.2 5.15
Change-Id: I455a5eeb47870c2ac9ffd0cbcdcd99c1ae2dd374
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
2023-06-28 00:11:21 +03:00
auto QXmlStreamReader: make fastScanName() indicate parsing status to callers 2023-06-28 00:11:21 +03:00
baseline Baseline tests: wait longer before taking a screen snapshot 2023-04-20 15:17:25 +02:00
benchmarks Fix warning, remove unused variable 2023-05-22 16:45:27 +02:00
global
libfuzzer Change the license of all CMakeLists.txt and *.cmake files to BSD 2022-08-23 23:58:42 +02:00
manual rhi: multiview: Exercise instancing in the test 2023-06-27 17:39:23 +02:00
shared Inline the resetSystemLocale function 2023-01-12 19:54:13 +01:00
testserver Use SPDX license identifiers 2022-05-16 16:37:38 +02:00
CMakeLists.txt Rid of 'special case' markers 2023-04-13 18:30:58 +02:00
README

This directory contains autotests and benchmarks based on Qt Test. In order
to run the autotests reliably, you need to configure a desktop to match the
test environment that these tests are written for.

Linux X11:

   * The user must be logged in to an active desktop; you can't run the
     autotests without a valid DISPLAY that allows X11 connections.

   * The tests are run against a KDE3 or KDE4 desktop.

   * Window manager uses "click to focus", and not "focus follows mouse". Many
     tests move the mouse cursor around and expect this to not affect focus
     and activation.

   * Disable "click to activate", i.e., when a window is opened, the window
     manager should automatically activate it (give it input focus) and not
     wait for the user to click the window.