From 637d207e397c13c09a8dcbd718ee85bce2548e90 Mon Sep 17 00:00:00 2001
From: Frank Osterfeld
Date: Thu, 5 Aug 2010 13:42:58 +0200
Subject: QDom: Do not crash on "text"
"a:" is not a valid tagname. The function creating the element node notices that and returns 0, but the parser ignores it and continues, and then crashes later when processing the "text". This patch aborts the parsing immediately when creating the element node failed and fixes the crash.
Merge-request: 2431
Reviewed-by: Olivier Goffart
---
 src/xml/dom/qdom.cpp | 6 ++++--
 tests/auto/qdom/tst_qdom.cpp | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/xml/dom/qdom.cpp b/src/xml/dom/qdom.cpp
index 1267e7e..662c796 100644
--- a/src/xml/dom/qdom.cpp
+++ b/src/xml/dom/qdom.cpp
@@ -7418,8 +7418,10 @@ bool QDomHandler::startElement(const QString& nsURI, const QString&, const QStri
 n = doc->createElement(qName);
 }
- if (n)
- n->setLocation(locator->lineNumber(), locator->columnNumber());
+ if (!n)
+ return false;
+
+ n->setLocation(locator->lineNumber(), locator->columnNumber());
 node->appendChild(n);
 node = n;
diff --git a/tests/auto/qdom/tst_qdom.cpp b/tests/auto/qdom/tst_qdom.cpp
index 0f6cdaa..8bf7620 100644
--- a/tests/auto/qdom/tst_qdom.cpp
+++ b/tests/auto/qdom/tst_qdom.cpp
@@ -1776,6 +1776,7 @@ void tst_QDom::crashInSetContent() const
 QDomImplementation::setInvalidDataPolicy(QDomImplementation::ReturnNullNode);
 QDomDocument docImport;
+ QCOMPARE(docImport.setContent(QLatin1String("text"), true), false);
 QVERIFY(docImport.setContent(QLatin1String("")));
 }
-- cgit v0.12
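Review bot: The new `if (!n) return false;` guard in `startElement` has no comment saying when `n` can be null, and the early return records no reason for aborting the parse. The commit message gives the reason (an invalid tag name makes the element-creation call return 0), so a line such as `// invalid tag name: node creation returned 0, abort parsing instead of dereferencing it` above the check would keep that knowledge with the code. Because this path is reached from malformed input, it is also worth confirming that the error text a caller of `setContent` receives is meaningful in this case; that reporting is not visible here. The body of `startElement` starts and ends outside the hunk.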
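Review bot: The added `QCOMPARE` in `crashInSetContent` pins the failure only with the second argument of `setContent` set to `true`, so it exercises just one configuration of the parser. Assuming that argument switches namespace processing and the `createElement(qName)` call in the first hunk belongs to the other branch, a sibling assertion with `false` would record the expected result for the same input on that path, whichever result that is. The check also looks only at the return value; for a regression test of a crash on malformed input, asserting on the document state or on the reported error afterwards would catch an abort that leaves no diagnostic. The function begins above the hunk.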