diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2010-04-23 14:12:10 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2010-04-27 13:27:10 (GMT) |
commit | 0948393df9b9046db5c3c92a12698aee056d8483 (patch) | |
tree | b1a8dba2cd9c4d5aaa3971369694ef6486c1495d /tests/auto/qxmlstream | |
parent | daf16a0f6e495aed4e8b68bd4b3fb2eff1c90969 (diff) | |
download | Qt-0948393df9b9046db5c3c92a12698aee056d8483.zip Qt-0948393df9b9046db5c3c92a12698aee056d8483.tar.gz Qt-0948393df9b9046db5c3c92a12698aee056d8483.tar.bz2 |
fix crash in QXmlStreamReader
this fixes a possible off-by-one data corruption which apparently is
only triggered in rare circumstances.
The problem was: We were checking whether we would need to reallocate
the stack (line 1245), but sometimes were incrementing tos (line 1278)
and then accessing the state stack at an out-of-bounds position (line
1951).
Additionally, adapt the qlalr generator for changes made to
qxmlstream_p.h directly and recreate that file with qlalr.
Reviewed-by: Frans Englich
Reviewed-by: Roberto Raggi
Task-number: QTBUG-9196
Diffstat (limited to 'tests/auto/qxmlstream')
-rw-r--r-- | tests/auto/qxmlstream/tst_qxmlstream.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/auto/qxmlstream/tst_qxmlstream.cpp b/tests/auto/qxmlstream/tst_qxmlstream.cpp index 27ae089..3c5358c 100644 --- a/tests/auto/qxmlstream/tst_qxmlstream.cpp +++ b/tests/auto/qxmlstream/tst_qxmlstream.cpp @@ -569,6 +569,7 @@ private slots: void clear() const; void checkCommentIndentation() const; void checkCommentIndentation_data() const; + void qtbug9196_crash() const; private: static QByteArray readFile(const QString &filename); @@ -1528,5 +1529,16 @@ void tst_QXmlStream::checkCommentIndentation() const // task 256468 QCOMPARE(output, expectedOutput); } +void tst_QXmlStream::qtbug9196_crash() const +{ + // the following input used to produce a crash in the stream reader + QByteArray ba("<a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a>" + "<a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a><a></a>"); + QXmlStreamReader xml(ba); + while (!xml.atEnd()) { + xml.readNext(); + } +} + #include "tst_qxmlstream.moc" // vim: et:ts=4:sw=4:sts=4 |