authorSami Rosendahl <ext-sami.1.rosendahl@nokia.com>2011-10-19 07:36:24 (GMT)
committerQt by Nokia <qt-info@nokia.com>2012-01-18 17:07:00 (GMT)
commitd8d4dc8599fb251ca201f5c3f496df1045d288c3 (patch)
tree26ce5f2a4d7b0ad7604e4fd8d69cd01a1990e795
parentfb38e3801724471a9fb0ea3b412e631223250c44 (diff)
Fix memory leak in QDomDocument DTD entity declaration handler
The created entity node's reference count needs to be decremented to 0 before it is added as a child, because appendChild will increment the reference count to the correct value of 1. Also added autotest DTDEntityDecl to tst_qdom to expose the leak when executed under valgrind memcheck. There was no previous direct test case for unparsed entity declarations in a DTD, only indirect coverage via regression test cloneDTD_QTBUG8398. Task-number: QTBUG-22587 Change-Id: I2c3a78569b564b80ff5e2f63f59fa36c94a22236 (From Qt5 commit d55cdcd59fdddd660193ddff40fbd52bef57c0c9) Reviewed-by: Olivier Goffart <ogoffart@woboq.com>
-rw-r--r--src/xml/dom/qdom.cpp2
-rw-r--r--tests/auto/qdom/tst_qdom.cpp25
2 files changed, 27 insertions, 0 deletions
diff --git a/src/xml/dom/qdom.cpp b/src/xml/dom/qdom.cpp
index 85b89de..60e976b 100644
--- a/src/xml/dom/qdom.cpp
+++ b/src/xml/dom/qdom.cpp
@@ -7545,6 +7545,8 @@ bool QDomHandler::unparsedEntityDecl(const QString &name, const QString &publicI
{
QDomEntityPrivate* e = new QDomEntityPrivate(doc, 0, name,
publicId, systemId, notationName);
+ // keep the refcount balanced: appendChild() does a ref anyway.
+ e->ref.deref();
doc->doctype()->appendChild(e);
return true;
}
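Review bot: Between `e->ref.deref();` and `doc->doctype()->appendChild(e);` the new entity has a reference count of 0 and no owner, and the result of `appendChild` is ignored. If that call can ever decline the node (its implementation is not visible in this hunk), the object would leak again. Consider handling that case explicitly, e.g. `if (!doc->doctype()->appendChild(e)) delete e;`, or extending the comment to say that the constructor leaves the count at 1 and that appendChild becomes the sole owner. `doc->doctype()` is also dereferenced without a check; presumably a doctype always exists by the time the parser reports an entity declaration, but nothing in the hunk confirms it.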
diff --git a/tests/auto/qdom/tst_qdom.cpp b/tests/auto/qdom/tst_qdom.cpp
index 3ba75e3..03285cb 100644
--- a/tests/auto/qdom/tst_qdom.cpp
+++ b/tests/auto/qdom/tst_qdom.cpp
@@ -133,6 +133,7 @@ private slots:
void taskQTBUG4595_dontAssertWhenDocumentSpecifiesUnknownEncoding() const;
void cloneDTD_QTBUG8398() const;
void DTDNotationDecl();
+ void DTDEntityDecl();
void cleanupTestCase() const;
@@ -1954,5 +1955,29 @@ void tst_QDom::DTDNotationDecl()
QCOMPARE(doctype.namedItem(QString("jpeg")).toNotation().systemId(), QString("image/jpeg"));
}
+void tst_QDom::DTDEntityDecl()
+{
+ QString dtd("<?xml version='1.0' encoding='UTF-8'?>\n"
+ "<!DOCTYPE first [\n"
+ "<!ENTITY secondFile SYSTEM 'second.xml'>\n"
+ "<!ENTITY logo SYSTEM \"http://www.w3c.org/logo.gif\" NDATA gif>"
+ "]>\n"
+ "<first/>\n");
+
+ QDomDocument domDocument;
+ QVERIFY(domDocument.setContent(dtd));
+
+ const QDomDocumentType doctype = domDocument.doctype();
+ QCOMPARE(doctype.entities().count(), 2);
+
+ QVERIFY(doctype.namedItem(QString("secondFile")).isEntity());
+ QCOMPARE(doctype.namedItem(QString("secondFile")).toEntity().systemId(), QString("second.xml"));
+ QCOMPARE(doctype.namedItem(QString("secondFile")).toEntity().notationName(), QString());
+
+ QVERIFY(doctype.namedItem(QString("logo")).isEntity());
+ QCOMPARE(doctype.namedItem(QString("logo")).toEntity().systemId(), QString("http://www.w3c.org/logo.gif"));
+ QCOMPARE(doctype.namedItem(QString("logo")).toEntity().notationName(), QString("gif"));
+}
+
QTEST_MAIN(tst_QDom)
#include "tst_qdom.moc"
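Review bot: Nothing in `DTDEntityDecl` fails if the leak comes back, because every assertion checks only the parsed entity fields; the regression shows up only when the test runs under a memory checker, as the commit message says. A comment above the function would make that explicit, e.g. `// Leak regression test for QTBUG-22587: only meaningful under valgrind memcheck.` The fixture declares external SYSTEM entities (`second.xml` and an http URL), so a second comment would help: `// The external identifiers are only recorded, never resolved.` That is presumably true of `QDomDocument::setContent`, but it is worth confirming so the test cannot depend on file or network access. The `NDATA gif` line of the fixture also lacks the trailing `\n` that the other lines carry.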