diff options
author | Olivier Goffart <olivier.goffart@nokia.com> | 2011-06-28 09:21:00 (GMT) |
---|---|---|
committer | Olivier Goffart <olivier.goffart@nokia.com> | 2011-06-28 13:34:12 (GMT) |
commit | be3bd368485d373e63b3e4ff5c7db2da1d119feb (patch) | |
tree | 493096d0cd1466eae8538a99ee6f3e49897f4a94 | |
parent | 7590cfcea9d40e59af8edd7cdd3d11ffbc5aaa04 (diff) | |
download | Qt-be3bd368485d373e63b3e4ff5c7db2da1d119feb.zip Qt-be3bd368485d373e63b3e4ff5c7db2da1d119feb.tar.gz Qt-be3bd368485d373e63b3e4ff5c7db2da1d119feb.tar.bz2 |
Fix invalid read in QUrl::removeAllEncodedQueryItems
The remove will detach the string making the query pointer invalid.
Note: the "test3" case is commented out because it does not remove
the & at the end, and i do not want to enforce this behaviour in the
test
Task-number: QTBUG-20065
Change-Id: I195c5c3b468f46c797c7c4f8075303f2b1f4724c
Reviewed-on: http://codereview.qt.nokia.com/822
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
(cherry picked from commit 2dd90a27a82289a5088b929c3bd27c1fd05967f6)
Conflicts:
tests/auto/qurl/tst_qurl.cpp
-rw-r--r-- | src/corelib/io/qurl.cpp | 1 | ||||
-rw-r--r-- | tests/auto/qurl/tst_qurl.cpp | 28 |
2 files changed, 26 insertions, 3 deletions
diff --git a/src/corelib/io/qurl.cpp b/src/corelib/io/qurl.cpp index 8813656..d551009 100644 --- a/src/corelib/io/qurl.cpp +++ b/src/corelib/io/qurl.cpp @@ -5466,6 +5466,7 @@ void QUrl::removeAllEncodedQueryItems(const QByteArray &key) if (end < d->query.size()) ++end; // remove additional '%' d->query.remove(pos, end - pos); + query = d->query.constData(); //required if remove detach; } else { pos = end + 1; } diff --git a/tests/auto/qurl/tst_qurl.cpp b/tests/auto/qurl/tst_qurl.cpp index b78679b..2fa193a 100644 --- a/tests/auto/qurl/tst_qurl.cpp +++ b/tests/auto/qurl/tst_qurl.cpp @@ -201,10 +201,9 @@ private slots: void task_240612(); void taskQTBUG_6962(); void taskQTBUG_8701(); + void removeAllEncodedQueryItems_data(); + void removeAllEncodedQueryItems(); -#ifdef QT3_SUPPORT - void dirPath(); -#endif }; // Testing get/set functions @@ -4031,5 +4030,28 @@ void tst_QUrl::effectiveTLDs() QCOMPARE(domain.topLevelDomain(), TLD); } +void tst_QUrl::removeAllEncodedQueryItems_data() +{ + QTest::addColumn<QUrl>("url"); + QTest::addColumn<QByteArray>("key"); + QTest::addColumn<QUrl>("result"); + + QTest::newRow("test1") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c"); + QTest::newRow("test2") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("aaa") << QUrl::fromEncoded("http://qt.nokia.com/foo?bbb=b&ccc=c"); +// QTest::newRow("test3") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("ccc") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b"); + QTest::newRow("test4") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c"); + QTest::newRow("test5") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c"); + QTest::newRow("test6") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c"); +} + +void tst_QUrl::removeAllEncodedQueryItems() +{ + QFETCH(QUrl, url); + QFETCH(QByteArray, key); + QFETCH(QUrl, result); + url.removeAllEncodedQueryItems(key); + QCOMPARE(url, result); +} + QTEST_MAIN(tst_QUrl) #include "tst_qurl.moc" |