QUrl: fix parsing of empty IPv6 addresses

There's an assertion. Found by Google fuzz scan of CBOR data. Pick-to: 6.0 5.15 Change-Id: I55083c2909f64a1f8868fffd164f1ff3af71605b Reviewed-by: David Faure <david.faure@kdab.com>
2020-12-09 10:32:03 -08:00 · 2020-12-09 10:32:03 -08:00 · 4a1091f489
commit 4a1091f489
parent 2bed336599
2 changed files with 8 additions and 0 deletions
--- a/src/corelib/io/qurl.cpp
+++ b/src/corelib/io/qurl.cpp
@ -1261,10 +1261,16 @@ static const QChar *parseIp6(QString &host, const QChar *begin, const QChar *end
        zoneId = decoded.mid(zoneIdPosition + zoneIdIdentifier.size());
        endBeforeZoneId = decoded.constBegin() + zoneIdPosition;

+        // was there anything after the zone ID separator?
        if (zoneId.isEmpty())
            return end;
    }

+    // did the address become empty after removing the zone ID?
+    // (it might have always been empty)
+    if (decoded.constBegin() == endBeforeZoneId)
+        return end;
+
    const QChar *ret = QIPAddressUtils::parseIp6(address, decoded.constBegin(), endBeforeZoneId);
    if (ret)
        return begin + (ret - decoded.constBegin());
--- a/tests/auto/corelib/io/qurl/tst_qurl.cpp
+++ b/tests/auto/corelib/io/qurl/tst_qurl.cpp
@ -1909,6 +1909,8 @@ void tst_QUrl::ipv6_data()
    QTest::addColumn<bool>("isValid");
    QTest::addColumn<QString>("output");

+    QTest::newRow("empty") << "//[]" << false << "";
+
    QTest::newRow("case 1") << QString::fromLatin1("//[56:56:56:56:56:56:56:56]") << true
                            << "//[56:56:56:56:56:56:56:56]";
    QTest::newRow("case 2") << QString::fromLatin1("//[::56:56:56:56:56:56:56]") << true