1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix invalid read in QUrl::removeAllEncodedQueryItems

Browse Source 
The remove will detach the string making the query pointer invalid.

Note: the "test3" case is commented out because it does not remove
the & at the end, and i do not want to enforce this behaviour in the
test

Task-number: QTBUG-20065
Change-Id: I195c5c3b468f46c797c7c4f8075303f2b1f4724c
Reviewed-on: http://codereview.qt.nokia.com/822
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
This commit is contained in:
Olivier Goffart 2011-06-28 11:21:00 +02:00 committed by Qt by Nokia
parent 563ec6c690
commit 2dd90a27a8
2 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/corelib/io/qurl.cpp
View File

@ -5466,6 +5466,7 @@ void QUrl::removeAllEncodedQueryItems(const QByteArray &key)
if (end < d->query.size())
++end; // remove additional '%'
d->query.remove(pos, end - pos);
query = d->query.constData(); //required if remove detach;
} else {
pos = end + 1;
}

25
tests/auto/qurl/tst_qurl.cpp
View File

@ -201,6 +201,8 @@ private slots:
void task_240612();
void taskQTBUG_6962();
void taskQTBUG_8701();
void removeAllEncodedQueryItems_data();
void removeAllEncodedQueryItems();
};
// Testing get/set functions
@ -4020,5 +4022,28 @@ void tst_QUrl::effectiveTLDs()
QCOMPARE(domain.topLevelDomain(), TLD);
}
void tst_QUrl::removeAllEncodedQueryItems_data()
{
QTest::addColumn<QUrl>("url");
QTest::addColumn<QByteArray>("key");
QTest::addColumn<QUrl>("result");
QTest::newRow("test1") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c");
QTest::newRow("test2") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("aaa") << QUrl::fromEncoded("http://qt.nokia.com/foo?bbb=b&ccc=c");
// QTest::newRow("test3") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("ccc") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b");
QTest::newRow("test4") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c");
QTest::newRow("test5") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c");
QTest::newRow("test6") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c");
}
void tst_QUrl::removeAllEncodedQueryItems()
{
QFETCH(QUrl, url);
QFETCH(QByteArray, key);
QFETCH(QUrl, result);
url.removeAllEncodedQueryItems(key);
QCOMPARE(url, result);
}
QTEST_MAIN(tst_QUrl)
#include "tst_qurl.moc"