QCborValue: check parsing of invalid URL

QUrl will reject invalid URLs for us, so we don't get normalization. The
original junk should be retrievable, of course.

Change-Id: Ibdc95e9af7bd456a94ecfffd160610f5b2c8e1a2
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>

src/corelib/serialization/qcborvalue.cpp

@@ -827,9 +827,11 @@ static QCborValue::Type convertToExtendedType(QCborContainerPrivate *d)
                 // normalize to a short (decoded) form, so as to save space
                 QUrl url(e.flags & Element::StringIsUtf16 ?
                              b->asQStringRaw() :
-                             b->toUtf8String());
-                QByteArray encoded = url.toString(QUrl::DecodeReserved).toUtf8();
-                replaceByteData(encoded, encoded.size(), {});
+                             b->toUtf8String(), QUrl::StrictMode);
+                if (url.isValid()) {
+                    QByteArray encoded = url.toString(QUrl::DecodeReserved).toUtf8();
+                    replaceByteData(encoded, encoded.size(), {});
+                }
             }
             return QCborValue::Url;
         }

tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp

@@ -2053,6 +2053,14 @@ void tst_QCborValue::extendedTypeValidation_data()
             qSwap(c, dt[i]);
         }
     }
+
+    // Improperly-encoded URLs
+    {
+        const char badurl[] = "%zz";
+        QTest::newRow("Url:Invalid")
+                << encode(0xd8, int(QCborKnownTags::Url), 0x60 + int(strlen(badurl)), badurl)
+                << QCborValue(QCborKnownTags::Url, QLatin1String(badurl));
+    }
 }
 
 void tst_QCborValue::extendedTypeValidation()