diff options
| author | Qt Continuous Integration System <qt-info@nokia.com> | 2011-12-01 00:48:39 (GMT) |
|---|---|---|
| committer | Qt Continuous Integration System <qt-info@nokia.com> | 2011-12-01 00:48:39 (GMT) |
| commit | f122bdc3014e9db00a747ad58042314cd868a762 (patch) | |
| tree | 7df70d5049d76f0fe89a28e322e0c4a7beed4ce8 /src | |
| parent | bb033b56ed2cd58fd51c891e759618cbe3b02c96 (diff) | |
| parent | e20eaed5c1968e32eca97cf449fa588cfab35a5d (diff) | |
| download | Qt-f122bdc3014e9db00a747ad58042314cd868a762.zip Qt-f122bdc3014e9db00a747ad58042314cd868a762.tar.gz Qt-f122bdc3014e9db00a747ad58042314cd868a762.tar.bz2 | |
Merge branch 'master' of scm.dev.nokia.troll.no:qt/oslo-staging-1 into master-integration
* 'master' of scm.dev.nokia.troll.no:qt/oslo-staging-1:
Fix stack overwrite in QDBusDemarshaller
Qt Linguist: Fix crashes
fixed error generating wrong introspection string in header output file
Diffstat (limited to 'src')
| -rw-r--r-- | src/dbus/qdbusdemarshaller.cpp | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/dbus/qdbusdemarshaller.cpp b/src/dbus/qdbusdemarshaller.cpp index d9bb5b5..4103552 100644 --- a/src/dbus/qdbusdemarshaller.cpp +++ b/src/dbus/qdbusdemarshaller.cpp @@ -48,10 +48,28 @@ QT_BEGIN_NAMESPACE template <typename T> static inline T qIterGet(DBusMessageIter *it) { - T t; - q_dbus_message_iter_get_basic(it, &t); + // Use a union of expected and largest type q_dbus_message_iter_get_basic + // will return to ensure reading the wrong basic type does not result in + // stack overwrite + union { + // The value to be extracted + T t; + // Largest type that q_dbus_message_iter_get_basic will return + // according to dbus_message_iter_get_basic API documentation + dbus_uint64_t maxValue; + // A pointer to ensure no stack overwrite in case there is a platform + // where sizeof(void*) > sizeof(dbus_uint64_t) + void* ptr; + } value; + + // Initialize the value in case a narrower type is extracted to it. + // Note that the result of extracting a narrower type in place of a wider + // one and vice-versa will be platform-dependent. + value.t = T(); + + q_dbus_message_iter_get_basic(it, &value); q_dbus_message_iter_next(it); - return t; + return value.t; } QDBusDemarshaller::~QDBusDemarshaller() |