1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QXmlStream: sanitize input before building a QChar

Browse Source 
The result of getChar() may be a combination of a token category
and a code unit, like `((LETTER << 16) | c)`. Constructing a
QChar out of it requires masking the category out. This was already
done in a few code paths but missing in others.

Change-Id: I186fb01973a1badd425b3a6811843d8a40b13a6a
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
This commit is contained in:
Giuseppe D'Angelo 2020-11-18 12:20:01 +01:00
parent be0f1af3f1
commit c149fd232d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/corelib/serialization/qxmlstream.cpp
View File

@ -1189,7 +1189,7 @@ inline int QXmlStreamReaderPrivate::fastScanLiteralContent()
putChar(c); putChar(c);
return n; return n;
} }
textBuffer += QChar(c); textBuffer += QChar(ushort(c));
++n; ++n;
} }
} }
@ -1345,7 +1345,7 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
} }
Q_FALLTHROUGH(); Q_FALLTHROUGH();
default: default:
textBuffer += QChar(c); textBuffer += QChar(ushort(c));
++n; ++n;
} }
} }