From 4a1091f489ac3fee9efd81b0f1ffca4275725610 Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Wed, 9 Dec 2020 10:32:03 -0800 Subject: [PATCH] QUrl: fix parsing of empty IPv6 addresses There's an assertion. Found by Google fuzz scan of CBOR data. Pick-to: 6.0 5.15 Change-Id: I55083c2909f64a1f8868fffd164f1ff3af71605b Reviewed-by: David Faure --- src/corelib/io/qurl.cpp | 6 ++++++ tests/auto/corelib/io/qurl/tst_qurl.cpp | 2 ++ 2 files changed, 8 insertions(+) diff --git a/src/corelib/io/qurl.cpp b/src/corelib/io/qurl.cpp index b019fe65a99..ba16be7424a 100644 --- a/src/corelib/io/qurl.cpp +++ b/src/corelib/io/qurl.cpp @@ -1261,10 +1261,16 @@ static const QChar *parseIp6(QString &host, const QChar *begin, const QChar *end zoneId = decoded.mid(zoneIdPosition + zoneIdIdentifier.size()); endBeforeZoneId = decoded.constBegin() + zoneIdPosition; + // was there anything after the zone ID separator? if (zoneId.isEmpty()) return end; } + // did the address become empty after removing the zone ID? + // (it might have always been empty) + if (decoded.constBegin() == endBeforeZoneId) + return end; + const QChar *ret = QIPAddressUtils::parseIp6(address, decoded.constBegin(), endBeforeZoneId); if (ret) return begin + (ret - decoded.constBegin()); diff --git a/tests/auto/corelib/io/qurl/tst_qurl.cpp b/tests/auto/corelib/io/qurl/tst_qurl.cpp index 45a311230f5..e46b6eb3292 100644 --- a/tests/auto/corelib/io/qurl/tst_qurl.cpp +++ b/tests/auto/corelib/io/qurl/tst_qurl.cpp @@ -1909,6 +1909,8 @@ void tst_QUrl::ipv6_data() QTest::addColumn("isValid"); QTest::addColumn("output"); + QTest::newRow("empty") << "//[]" << false << ""; + QTest::newRow("case 1") << QString::fromLatin1("//[56:56:56:56:56:56:56:56]") << true << "//[56:56:56:56:56:56:56:56]"; QTest::newRow("case 2") << QString::fromLatin1("//[::56:56:56:56:56:56:56]") << true