summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKent Hansen <khansen@trolltech.com>2009-06-25 14:04:41 (GMT)
committerKent Hansen <khansen@trolltech.com>2009-06-25 14:29:06 (GMT)
commite6647776249e0e3ac9bac38d72965aa87b607859 (patch)
tree813eea38a44f7b914c2a64e844bf35c9d0832133
parentd5b75962ee2e22b5a6b061430f936fc663d7122b (diff)
downloadQt-e6647776249e0e3ac9bac38d72965aa87b607859.zip
Qt-e6647776249e0e3ac9bac38d72965aa87b607859.tar.gz
Qt-e6647776249e0e3ac9bac38d72965aa87b607859.tar.bz2
don't crash when QTextCodec::codecForUtfText() is passed -1 bytes
It's possible that the function gets called with a bytearray of size -1 (for example, by QTextStreamPrivate::fillReadBuffer()). Since the size was erroneously cast to a uint, the subsequent comparison (arraySize > 3) succeeded and caused a crash. Reviewed-by: Denis Dzyubenko
-rw-r--r--src/corelib/codecs/qtextcodec.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/codecs/qtextcodec.cpp b/src/corelib/codecs/qtextcodec.cpp
index 32c6aef..d4e5d44 100644
--- a/src/corelib/codecs/qtextcodec.cpp
+++ b/src/corelib/codecs/qtextcodec.cpp
@@ -1560,7 +1560,7 @@ QTextCodec *QTextCodec::codecForHtml(const QByteArray &ba)
*/
QTextCodec *QTextCodec::codecForUtfText(const QByteArray &ba, QTextCodec *defaultCodec)
{
- const uint arraySize = ba.size();
+ const int arraySize = ba.size();
if (arraySize > 3) {
if ((uchar)ba[0] == 0x00