CBOR/JSON: fix crash when comparing strings with different length

Amends 8e5ce9cd369230256045864d6fad38dbd8bee413, which introduced the QtPrivate::equalStrings() call. At that time, equalStrings() had already required equal lengths (see 1560e0161af70b5cf88a70e55c0b502612d433cd), so no excuse. [ChangeLog][QtCore][QCborMap and QJsonObject] Fixed bug that could result in a crash or failing to find a entry in the map/object with non- ASCII keys. Manual conflict resolution for 6.9: - Port from keyView() to key(), because the former is a 6.10+ feature. Fixes: QTBUG-133744 Change-Id: I6b0f8b0a2e47d3ef905afffda6c4c079814a0914 Reviewed-by: Marc Mutz <marc.mutz@qt.io> (cherry picked from commit 54daec43a041cb69cff31cbfd1dd0b7127e8ba87) (cherry picked from commit 8e94b67ba11fecfee134950eaae5c5b29812e82c) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit d4a90a3f3013eae4e837fbd2df63d5803f19608a)
2025-02-13 09:45:28 -08:00 · 2025-02-13 09:45:28 -08:00 · c07c2d5a52
commit c07c2d5a52
parent e9fef44c65
3 changed files with 61 additions and 2 deletions
--- a/src/corelib/serialization/qcborvalue_p.h
+++ b/src/corelib/serialization/qcborvalue_p.h
@ -362,8 +362,8 @@ public:

        if (e.flags & QtCbor::Element::StringIsUtf16) {
            if (mode == QtCbor::Comparison::ForEquality)
-                return QtPrivate::equalStrings(b->asStringView(), s) ? 0 : 1;
-            return QtPrivate::compareStrings(b->asStringView(), s);
+                return b->asStringView() == s ? 0 : 1;
+            return b->asStringView().compare(s);
        }
        return compareUtf8(b, s);
    }
--- a/tests/auto/corelib/serialization/json/tst_qtjson.cpp
+++ b/tests/auto/corelib/serialization/json/tst_qtjson.cpp
@ -41,6 +41,7 @@ private Q_SLOTS:
    void testObjectTakeDetach();
    void testObjectSmallKeys();
    void testObjectInsertCopies();
+    void testObjectInsertNonAscii();
    void testArraySimple();
    void testArrayInsertCopies();
    void testValueObject();
@ -714,6 +715,22 @@ void tst_QtJson::testObjectInsertCopies()
    }
 }

+void tst_QtJson::testObjectInsertNonAscii()
+{
+    {
+        QJsonObject myObject;
+        myObject.insert("k♭", "First key");
+        myObject.insert("a", "Second key");
+        QCOMPARE(myObject.begin().key(), "a");
+    }
+    {
+        QJsonObject myObject;
+        myObject.insert("a", "Second key");
+        myObject.insert("k♭", "First key");
+        QCOMPARE(myObject.begin().key(), "a");
+    }
+}
+
 void tst_QtJson::testArraySimple()
 {
    QJsonArray array;
--- a/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp
+++ b/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp
@ -74,6 +74,7 @@ private slots:
    void mapMutateWithCopies();
    void mapStringValues();
    void mapStringKeys();
+    void mapStringKeysNonAscii();
    void mapValueRef_data() { basics_data(); }
    void mapValueRef();
    void mapInsertRemove_data() { basics_data(); }
@ -1529,6 +1530,47 @@ void tst_QCborValue::mapStringKeys()
    QVERIFY(m2.value(QCborValue(QByteArray("foo"))).isUndefined());
    QVERIFY(m.value(QCborValue(QLatin1String("foo"))).isUndefined());
    QCOMPARE(m.value(QCborValue(QByteArray("foo"))).toString(), "bar");
+
+    m.insert(u"World"_s, QCborValue(3));    // replaces
+    QCOMPARE(m.size(), 3);
+    QCOMPARE(m.value(u"World"_s), QCborValue(3));
+    QCOMPARE(m.value("World"_L1), QCborValue(3));
+
+    m.insert(u"Hello"_s, QCborValue(4));    // replaces (must match Latin1)
+    QCOMPARE(m.size(), 3);
+    QCOMPARE(m.value(u"Hello"_s), QCborValue(4));
+    QCOMPARE(m.value("Hello"_L1), QCborValue(4));
+}
+
+void tst_QCborValue::mapStringKeysNonAscii()
+{
+    {
+        QCborMap m;
+        m["a"_L1] = 1;          // US-ASCII: 1 UTF-8 & UTF-16 code unit
+        m["\xE9"_L1] = 2;       // Latin-1: 2 UTF-8 code units, 1 UTF-16
+        m[u"ü"_s] = 3;          // ditto, but inserted as UTF-16
+        m[u"♭"_s] = 4;          // BMP over U+07FF: 3 UTF-8 code units, 1 UTF-16
+        m[u"\U00010000"_s] = 5; // non-BMP: 4 UTF-8 code units, 2 UTF-16
+
+        QCOMPARE(m.size(), 5);
+        QCOMPARE(m.value(u"a"_s), 1);
+        QCOMPARE(m.value(u"é"_s), 2);
+        QCOMPARE(m.value("\xFC"_L1), 3);
+
+        QCOMPARE(m.value(u"k♭"_s), QCborValue());
+        QCOMPARE(m.value("foo"_L1), QCborValue());
+    }
+    {
+        QCborMap m;
+        m[u"k♭"_s] = 1;
+        m[u"a"_s] = 2;
+        m[u"\U00010000"_s] = 3;
+
+        QCOMPARE(m.size(), 3);
+        QCOMPARE(m.value(u"b"_s), QCborValue());
+        QCOMPARE(m.value(u"♭"_s), QCborValue());
+        QCOMPARE(m.value("foo"_L1), QCborValue());
+    }
 }

 void tst_QCborValue::mapInsertRemove()