author: Olivier Goffart <olivier.goffart@nokia.com> 2010-08-10 08:54:26 (GMT)
committer: Olivier Goffart <olivier.goffart@nokia.com> 2010-08-10 11:01:52 (GMT)
commit: 2281a3a7a62a5a81de7fefaf0b84f130b16bd44f (patch)
tree: ab68f833eedc835679dc8417b76061cc4aeffd29 /src
parent: 989879ae23dd5e2d10d84d8308ec279a1aed762c (diff)
QMetaObject::normalizeSignature avoid reading past the string in case of invalid signature given.
If passed "a(b", qNormalizeType would return a pointer to the \0 at the end of the string. We would add \0 to the result (thinking it is ',' or ')') and continue to process the memory after the string.

Reviewed-by: Kent Hansen
Task-number: QT-1591
Diffstat (limited to 'src')
-rw-r--r-- src/corelib/kernel/qmetaobject.cpp 5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/corelib/kernel/qmetaobject.cpp b/src/corelib/kernel/qmetaobject.cpp
index 79a38cd..9854e68 100644
--- a/src/corelib/kernel/qmetaobject.cpp
+++ b/src/corelib/kernel/qmetaobject.cpp
@@ -1009,8 +1009,11 @@ QByteArray QMetaObject::normalizedSignature(const char *method)
int argdepth = 0;
int templdepth = 0;
while (*d) {
- if (argdepth == 1)
+ if (argdepth == 1) {
d = qNormalizeType(d, templdepth, result);
+ if (!*d) //most likely an invalid signature.
+ break;
+ }
if (*d == '(')
++argdepth;
if (*d == ')')
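Review bot: The new `if (!*d) break;` after the qNormalizeType() call leaves the loop silently, so for an unterminated input such as "a(b" (the case named in the commit message) the function returns whatever has been accumulated in `result` with no signal to the caller that the signature was malformed. Consider emitting a qWarning there, or documenting what normalizedSignature() returns for an unbalanced signature, and add an autotest that passes "a(b" so the read past the terminator cannot regress unnoticed. The check also depends on qNormalizeType() stopping at the terminating \0 rather than beyond it; stating that contract in the comment would make the invariant explicit for the next person touching either function. Minor style point: `//most likely an invalid signature.` should have a space after `//`.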