diff options
author | Kent Hansen <khansen@trolltech.com> | 2009-06-25 14:04:41 (GMT) |
---|---|---|
committer | Kent Hansen <khansen@trolltech.com> | 2009-06-25 14:29:06 (GMT) |
commit | e6647776249e0e3ac9bac38d72965aa87b607859 (patch) | |
tree | 813eea38a44f7b914c2a64e844bf35c9d0832133 | |
parent | d5b75962ee2e22b5a6b061430f936fc663d7122b (diff) | |
download | Qt-e6647776249e0e3ac9bac38d72965aa87b607859.zip Qt-e6647776249e0e3ac9bac38d72965aa87b607859.tar.gz Qt-e6647776249e0e3ac9bac38d72965aa87b607859.tar.bz2 |
don't crash when QTextCodec::codecForUtfText() is passed -1 bytes
It's possible that the function gets called with a bytearray of
size -1 (for example, by QTextStreamPrivate::fillReadBuffer()).
Since the size was erroneously cast to a uint, the subsequent
comparison (arraySize > 3) succeeded and caused a crash.
Reviewed-by: Denis Dzyubenko
-rw-r--r-- | src/corelib/codecs/qtextcodec.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/codecs/qtextcodec.cpp b/src/corelib/codecs/qtextcodec.cpp index 32c6aef..d4e5d44 100644 --- a/src/corelib/codecs/qtextcodec.cpp +++ b/src/corelib/codecs/qtextcodec.cpp @@ -1560,7 +1560,7 @@ QTextCodec *QTextCodec::codecForHtml(const QByteArray &ba) */ QTextCodec *QTextCodec::codecForUtfText(const QByteArray &ba, QTextCodec *defaultCodec) { - const uint arraySize = ba.size(); + const int arraySize = ba.size(); if (arraySize > 3) { if ((uchar)ba[0] == 0x00 |