author | Olivier Goffart <olivier.goffart@nokia.com> | 2010-08-10 08:54:26 (GMT) |
---|---|---|
committer | Olivier Goffart <olivier.goffart@nokia.com> | 2010-08-10 11:01:52 (GMT) |
commit | 2281a3a7a62a5a81de7fefaf0b84f130b16bd44f (patch) | |
tree | ab68f833eedc835679dc8417b76061cc4aeffd29 | |
parent | 989879ae23dd5e2d10d84d8308ec279a1aed762c (diff) | |
QMetaObject::normalizeSignature avoid reading past the string in case of invalid signature given.
If passed "a(b", qNormalizeType would return a pointer to the \0 at the end
of the string. We would then append that \0 to the result (treating it as ',' or ')')
and continue to process the memory after the string.
Reviewed-by: Kent Hansen
Task-number: QT-1591
-rw-r--r-- | src/corelib/kernel/qmetaobject.cpp | 5 | ||||
-rw-r--r-- | tests/auto/qmetaobject/tst_qmetaobject.cpp | 6 |
2 files changed, 8 insertions, 3 deletions
diff --git a/src/corelib/kernel/qmetaobject.cpp b/src/corelib/kernel/qmetaobject.cpp
index 79a38cd..9854e68 100644
--- a/src/corelib/kernel/qmetaobject.cpp
+++ b/src/corelib/kernel/qmetaobject.cpp
@@ -1009,8 +1009,11 @@ QByteArray QMetaObject::normalizedSignature(const char *method)
 int argdepth = 0;
 int templdepth = 0;
 while (*d) {
- if (argdepth == 1)
+ if (argdepth == 1) {
 d = qNormalizeType(d, templdepth, result);
+ if (!*d) //most likely an invalid signature.
+ break;
+ }
 if (*d == '(')
 ++argdepth;
 if (*d == ')')
diff --git a/tests/auto/qmetaobject/tst_qmetaobject.cpp b/tests/auto/qmetaobject/tst_qmetaobject.cpp
index 62416b1..bb96da1 100644
--- a/tests/auto/qmetaobject/tst_qmetaobject.cpp
+++ b/tests/auto/qmetaobject/tst_qmetaobject.cpp
@@ -714,6 +714,8 @@ void tst_QMetaObject::normalizedSignature_data()
 QTest::newRow("const12") << "void foo(Foo<Bar>const*const *const)" << "void foo(Foo<Bar>*const*const)";
 QTest::newRow("const13") << "void foo(const Foo<Bar>&)" << "void foo(Foo<Bar>)";
 QTest::newRow("const14") << "void foo(Foo<Bar>const&)" << "void foo(Foo<Bar>)";
+
+ QTest::newRow("invalid1") << "a( b" << "a(b";
 }
 void tst_QMetaObject::normalizedSignature()
@@ -721,7 +723,7 @@ void tst_QMetaObject::normalizedSignature()
 QFETCH(QString, signature);
 QFETCH(QString, result);
- QCOMPARE(QString::fromLatin1(QMetaObject::normalizedSignature(signature.toLatin1())), result);
+ QCOMPARE(QMetaObject::normalizedSignature(signature.toLatin1()), result.toLatin1());
 }
 void tst_QMetaObject::normalizedType_data()
@@ -759,7 +761,7 @@ void tst_QMetaObject::normalizedType()
 QFETCH(QString, type);
 QFETCH(QString, result);
- QCOMPARE(QString::fromLatin1(QMetaObject::normalizedType(type.toLatin1())), result);
+ QCOMPARE(QMetaObject::normalizedType(type.toLatin1()), result.toLatin1());
 }
 void tst_QMetaObject::customPropertyType() |
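Review bot: The new `if (!*d)` guard in the `argdepth == 1` branch is only sufficient if qNormalizeType() never returns a pointer beyond the terminating NUL. That function is outside this hunk, so its behaviour on input that ends inside a template argument (the `templdepth` case) should be confirmed. The comment would serve maintainers better as a stated invariant than as a guess, e.g. `// qNormalizeType() stopped at the terminating '\0' (unbalanced '('): stop before the NUL is appended and d moves past the buffer`. The function also returns a truncated result for such input without signalling it, which is worth a sentence in its documentation. The loop body continues outside the hunk.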
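Review bot: The single `invalid1` row in normalizedSignature_data() covers only an argument list that ends after a plain type name. Rows for a signature that ends directly after `(` and for one that ends inside a template argument would exercise the other ways the normalizer can reach the terminator early. An out-of-bounds read does not necessarily change the returned bytes, so this row is a dependable regression check only when the suite runs under a memory checker such as Valgrind or AddressSanitizer. The function's body starts outside the hunk.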
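Review bot: Nothing in normalizedSignature() records why the QCOMPARE now compares QByteArray values, so a later cleanup could revert it to the QString form. Presumably the byte-wise comparison is what makes a stray embedded '\0' in the result visible, since a conversion that goes through a `const char *` would stop at it. A one-line comment above the QCOMPARE, such as `// compare raw bytes so an embedded '\0' in the result is not hidden`, would preserve that intent. The same applies to the QCOMPARE in normalizedType() in the following hunk.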