summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOlivier Goffart <olivier.goffart@nokia.com>2011-06-28 09:21:00 (GMT)
committerOlivier Goffart <olivier.goffart@nokia.com>2011-06-28 13:34:12 (GMT)
commitbe3bd368485d373e63b3e4ff5c7db2da1d119feb (patch)
tree493096d0cd1466eae8538a99ee6f3e49897f4a94
parent7590cfcea9d40e59af8edd7cdd3d11ffbc5aaa04 (diff)
downloadQt-be3bd368485d373e63b3e4ff5c7db2da1d119feb.zip
Qt-be3bd368485d373e63b3e4ff5c7db2da1d119feb.tar.gz
Qt-be3bd368485d373e63b3e4ff5c7db2da1d119feb.tar.bz2
Fix invalid read in QUrl::removeAllEncodedQueryItems
The remove will detach the string making the query pointer invalid. Note: the "test3" case is commented out because it does not remove the & at the end, and i do not want to enforce this behaviour in the test Task-number: QTBUG-20065 Change-Id: I195c5c3b468f46c797c7c4f8075303f2b1f4724c Reviewed-on: http://codereview.qt.nokia.com/822 Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com> Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com> (cherry picked from commit 2dd90a27a82289a5088b929c3bd27c1fd05967f6) Conflicts: tests/auto/qurl/tst_qurl.cpp
-rw-r--r--src/corelib/io/qurl.cpp1
-rw-r--r--tests/auto/qurl/tst_qurl.cpp28
2 files changed, 26 insertions, 3 deletions
diff --git a/src/corelib/io/qurl.cpp b/src/corelib/io/qurl.cpp
index 8813656..d551009 100644
--- a/src/corelib/io/qurl.cpp
+++ b/src/corelib/io/qurl.cpp
@@ -5466,6 +5466,7 @@ void QUrl::removeAllEncodedQueryItems(const QByteArray &key)
if (end < d->query.size())
++end; // remove additional '%'
d->query.remove(pos, end - pos);
+ query = d->query.constData(); //required if remove detach;
} else {
pos = end + 1;
}
diff --git a/tests/auto/qurl/tst_qurl.cpp b/tests/auto/qurl/tst_qurl.cpp
index b78679b..2fa193a 100644
--- a/tests/auto/qurl/tst_qurl.cpp
+++ b/tests/auto/qurl/tst_qurl.cpp
@@ -201,10 +201,9 @@ private slots:
void task_240612();
void taskQTBUG_6962();
void taskQTBUG_8701();
+ void removeAllEncodedQueryItems_data();
+ void removeAllEncodedQueryItems();
-#ifdef QT3_SUPPORT
- void dirPath();
-#endif
};
// Testing get/set functions
@@ -4031,5 +4030,28 @@ void tst_QUrl::effectiveTLDs()
QCOMPARE(domain.topLevelDomain(), TLD);
}
+void tst_QUrl::removeAllEncodedQueryItems_data()
+{
+ QTest::addColumn<QUrl>("url");
+ QTest::addColumn<QByteArray>("key");
+ QTest::addColumn<QUrl>("result");
+
+ QTest::newRow("test1") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c");
+ QTest::newRow("test2") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("aaa") << QUrl::fromEncoded("http://qt.nokia.com/foo?bbb=b&ccc=c");
+// QTest::newRow("test3") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("ccc") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b");
+ QTest::newRow("test4") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c");
+ QTest::newRow("test5") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c");
+ QTest::newRow("test6") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c");
+}
+
+void tst_QUrl::removeAllEncodedQueryItems()
+{
+ QFETCH(QUrl, url);
+ QFETCH(QByteArray, key);
+ QFETCH(QUrl, result);
+ url.removeAllEncodedQueryItems(key);
+ QCOMPARE(url, result);
+}
+
QTEST_MAIN(tst_QUrl)
#include "tst_qurl.moc"