Fix invalid read in QUrl::removeAllEncodedQueryItems
authorOlivier Goffart <olivier.goffart@nokia.com>
Tue, 28 Jun 2011 09:21:00 +0000 (11:21 +0200)
committerQt by Nokia <qt-info@nokia.com>
Tue, 28 Jun 2011 10:10:30 +0000 (12:10 +0200)
The remove() call will detach the string, making the query pointer invalid.

Note: the "test3" case is commented out because it does not remove
the & at the end, and I do not want to enforce this behaviour in the
test.

Task-number: QTBUG-20065
Change-Id: I195c5c3b468f46c797c7c4f8075303f2b1f4724c
Reviewed-on: http://codereview.qt.nokia.com/822
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
src/corelib/io/qurl.cpp
tests/auto/qurl/tst_qurl.cpp

index 8813656..d551009 100644 (file)
@@ -5466,6 +5466,7 @@ void QUrl::removeAllEncodedQueryItems(const QByteArray &key)
             if (end < d->query.size())
                 ++end; // remove additional '%'
             d->query.remove(pos, end - pos);
+            query = d->query.constData(); //required if remove detach;
         } else {
             pos = end + 1;
         }
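Review bot: The comment added with `query = d->query.constData();` does not say what breaks without the line, so a later cleanup could drop it as a redundant assignment. Suggest `// remove() may detach/reallocate d->query, leaving the old pointer dangling; re-fetch it before the next read`. The underlying hazard is a raw pointer held across a mutating call on an implicitly shared container. If `query` is only used for indexed reads, reading through `d->query.at(i)` inside the loop would avoid the stale pointer entirely. The body of removeAllEncodedQueryItems starts and ends outside this hunk, so the declaration and other uses of `query` could not be checked here.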
index 4aa7185..d7f7742 100644 (file)
@@ -201,6 +201,8 @@ private slots:
     void task_240612();
     void taskQTBUG_6962();
     void taskQTBUG_8701();
+    void removeAllEncodedQueryItems_data();
+    void removeAllEncodedQueryItems();
 };
 
 // Testing get/set functions
@@ -4020,5 +4022,28 @@ void tst_QUrl::effectiveTLDs()
     QCOMPARE(domain.topLevelDomain(), TLD);
 }
 
+void tst_QUrl::removeAllEncodedQueryItems_data()
+{
+    QTest::addColumn<QUrl>("url");
+    QTest::addColumn<QByteArray>("key");
+    QTest::addColumn<QUrl>("result");
+
+    QTest::newRow("test1") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c");
+    QTest::newRow("test2") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("aaa") << QUrl::fromEncoded("http://qt.nokia.com/foo?bbb=b&ccc=c");
+//    QTest::newRow("test3") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("ccc") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b");
+    QTest::newRow("test4") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&bbb=b&ccc=c");
+    QTest::newRow("test5") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("b%62b") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c");
+    QTest::newRow("test6") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&b%62b=b&ccc=c");
+}
+
+void tst_QUrl::removeAllEncodedQueryItems()
+{
+    QFETCH(QUrl, url);
+    QFETCH(QByteArray, key);
+    QFETCH(QUrl, result);
+    url.removeAllEncodedQueryItems(key);
+    QCOMPARE(url, result);
+}
+
 QTEST_MAIN(tst_QUrl)
 #include "tst_qurl.moc"
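Review bot: No row in `removeAllEncodedQueryItems_data()` repeats the key, so the case where one call performs more than one `remove()` is not covered. A constructed example row would be `QTest::newRow("test7") << QUrl::fromEncoded("http://qt.nokia.com/foo?bbb=1&aaa=a&bbb=2&ccc=c") << QByteArray("bbb") << QUrl::fromEncoded("http://qt.nokia.com/foo?aaa=a&ccc=c");`. The `QCOMPARE` may also pass on the unfixed code, because a read through a stale pointer often still returns the old bytes; the regression is only reliably caught when this test runs under a memory checker such as valgrind or AddressSanitizer. The reason the "test3" row is disabled lives only in the commit message; a comment above it such as `// disabled: removing the last item currently leaves a trailing '&'; behaviour intentionally not pinned` would keep that visible in the file.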