| Commit message (Collapse) | Author | Age | Files | Lines |
It's redundant; the repeated values clearly show that the version
doesn't necessarily change with each Qt release:
    Constant              Value
    QDataStream::Qt_6_5   Qt_6_0
    QDataStream::Qt_6_6   21
    QDataStream::Qt_6_7   22
    QDataStream::Qt_6_8   Qt_6_7
This also makes updating the enum values simpler, and avoids bugs like
QTBUG-116886.
Fixes: QTBUG-116886
Pick-to: 6.10 6.8 6.5
Change-Id: Ie89c29417e5c901f693f0fcc1906fde46f39d27e
Reviewed-by: Kai Köhne <kai.koehne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Ought to fix Clang 21 -Wcharacter-conversion in this function.
Instead of storing the initial *ptr in r.c (a char32_t) and then
narrowing it back to char16_t for the call to
QChar::surrogateToUcs4(), store it in a separate variable and
construct an R only in the return statement.
Also move the len = 1 return from the end of the function to the
(inverted) if (c < 0x80) near the start of the function.
This is less assembler-esque, so might execute slower (though it's all
values, so the optimizer should have no problem rewriting this to the
old code, if that was faster), but is much easier to read, which is
not to be sneezed at in a security-critical component.
Amends d4c7da9a07dc1434692fe08a61ba22c794574c4f.
Pick-to: 6.10 6.8 6.5
Change-Id: I1ce610fa80e3d874106c9c5b3a1d50bf99f39732
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>
|
Change it to qint64 in Qt7, as requested in code review, so as to make
it easier to extend it in the future.
Pick-to: 6.10 6.8 6.5
Change-Id: If893d719dd0457fac46fdd37ff95ce95222b1858
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
The .gitignore file is obviously insignificant. The file format allows
comments, so mark it. Invent a new reason string for that.
The shell script is also insignificant. While it runs qlalr for the
security-critical QtXmlStream classes, as a build-tool, it's not
security-critical itself, and, unlike e.g. util/normalize/main.cpp, it
doesn't itself contain code that ends up being compiled. Invent a new
reason string for that.
This completes the review of src/corelib/serialization:
    $ for i in $(find src/corelib/serialization -type f); do
          if ! grep -qE '^ *(//|#) *Qt[ -]Security +score:' "$i"; then
              echo "$i"
          fi
      done
    <nothing>
QUIP: 23
Fixes: QTBUG-135194
Pick-to: 6.10 6.8
Change-Id: Id5d18244fe0e9d18b8891500a3a946ac530671a4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
They only contain declarations; qcborstream.h only includes other
headers without interfering with their contents, so even though the
components are security-critical, these headers get the
header-decls-only get-out-of-jail-free card.
Amends cd4813a3c304a6d9d5d8096d91a8fc297818d624.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.8
Change-Id: I67bf7f8c1fdc5e6881df37207236eb3c294535ab
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
This might be a bit controversial, but this header configures the API
of TinyCBor for use in Qt, so it's not just declarations. TinyCBor, as
a third-party component, is listed as security-critical in its
qt_attribution.json, so I opted to mark the glue code as critical, too.
Amends cd4813a3c304a6d9d5d8096d91a8fc297818d624.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.8
Change-Id: I0042a8677eff716eb1924dfc211c740d164029cd
Reviewed-by: Matthias Rauter <matthias.rauter@qt.io>
|
QJsonArray/Map are, too, because the whole resp. component is, and the
implementation in those two files cannot be said to be trivial.
Amends cd4813a3c304a6d9d5d8096d91a8fc297818d624.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.8
Change-Id: I08dfc1dc1f917832f0cd24d3b575095c5e930a4d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Amends commit e3c290e1947515992821e6bf97d74d65c9254271, which missed
this. The guard is necessary to prevent a connection attempt with a
nullptr when QTextStream::setDevice(QIODevice*) is called with a nullptr
as a means to dissociate it from its current device without attaching it
to a new one.
Pick-to: 6.10
Change-Id: I51d417fc9d3549b60c1f9e3e5b35e26b2d8fb1a9
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Also make certain links specific to avoid ambiguity.
Pick-to: 6.9 6.10
Change-Id: I77499a1c9c4f4356e2f9957092c16c6572a13569
Task-number: QTBUG-137048
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
While testing defining Q_DECL_PURE_FUNCTION for MSVC I discovered
it cannot handle having the marker trailing, while GCC/clang can cope
with either.
Change-Id: Ic9dd088996c191263e2f2a43c2f6a16533bdb9c5
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
The `index` member is a quint64 bitfield, so on 32-bit platforms,
where qsizetype is just int, the return expression, indeed, narrows,
causing warnings, which may break the build if -Werror is in effect
(either for the Qt build itself, or, seeing as this is a public
header, for user projects).
Pick-to: 6.10 6.9 6.8 6.5
Task-number: QTBUG-139951
Change-Id: I06602ce85234207cf90e1acbbbba4d89998ac399
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
On 32-bit platforms qsizetype is int, so assigning a qint64 to it
narrows.
It's benign, because we perform the overflow check in the next line,
but that doesn't help -Werror.
Fix by making the narrowing explicit. As a drive-by, mark `n` const.
Amends fd48ce0b73c74dafd5db27bc1f2752ef665df7ef.
Reported-by: Karim Pinter <karim.pinter@qt.io>
Pick-to: 6.10 6.9 6.8
Change-Id: I14d95c54c501df14a0b76d11262f22605fbb583b
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Can't say this makes the function much simpler, and I didn't find a
Coverity issue about this use, but be consistent and use the new
function here, too. Besides, if we port Parser to qchar8_t, then it
will be simpler, and we might be able to remove the scanUtf8 function
completely.
Pick-to: 6.10 6.9 6.8
Change-Id: Ib6fa7aac14b942b4002163dccc77513a71378ea1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Coverity had an issue with how we called this function to get the next
character from a UTF-8 sequence. In particular, it complained about
passing the address of a char32_t object to fromUtf8(), which "treats
it as an array", as Coverity notes.
The C++ standard says this is fine¹, but callers of this function,
specifically, are almost by definition security-critical, so we
shouldn't leave Coverity issues unfixed in them.
The fix is to use an array of one element instead: char32_t[1].
We have already applied this fix in qstring.cpp
(4eb9e0d3eedfc1b6de968308167af01b19f6ffe7) and qurlrecode.cpp
(7a32a2238f52217bc4f0dc4c9620a2a2d350a1ca), but there are more cases
in QXmlStream and QStringConverter, some of which this patch fixes.
In order to simplify the task, package up the fix in a small function
for easier reuse and so that the proverbial maintenance programmer is
less likely to undo these fixes again. Incidentally, this function
makes those callers that can use it much more readable than before.
Many other calls (incl. the one in qurlrecode.cpp and some others in
qstringconverter.cpp) cannot be ported over, as they are using the
return value of fromUtf8(), or have already advanced the input pointer
themselves when they call fromUtf8().
Amends 94c62e322264e2e7d61193ae74ba8556a330385c,
ea0a08c898fed9cfd8d8eb16613e352740d3eb02 and
b977ae371a753a82e1d0bb32c5b62099da663721.
¹ https://eel.is/c++draft/basic.compound#3.sentence-11
Pick-to: 6.10 6.9 6.8
Coverity-Id: 378348
Coverity-Id: 403740
Coverity-Id: 403748
Coverity-Id: 459945
Change-Id: I4957ea2ee7b6e0e9c361eb2bcd4351708762a6e9
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
The old code passed the QByteArray's size() to the
QJsonPrivate::Parser ctor's length argument, which, however, was still
'int', truncating. Making matters worse, the Parser ctor only used the
length to calculate an end iterator.
Fix by passing by QUtf8StringView. This also indicates that the Parser
expects UTF-8 input (and not Latin1, e.g.).
As a drive-by, make the Parser ctor explicit.
[ChangeLog][QtCore][QJsonDocument/QJsonValue] Fixed a bug on 64-bit
platforms where fromJson(QByteArray) could report one of the
Unterminated errors for valid input whose size merely exceeded INT_MAX
(2GiB).
Amends the port of QByteArray to qsizetype (Qt 6.0, didn't check exact
commit).
Pick-to: 6.10 6.9 6.8 6.5
Task-number: QTBUG-103541
Change-Id: I3e4f7c098a98e8840e15ff6cc63bee2121118129
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Pick-to: 6.10
Change-Id: Ibfd907bf8ea80063cb896d2ba36cfd2a2ebfa241
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
Decoder::operator() already returns a proper struct with named
members, so decomposing that using SB can do no good, except
introducing a dependency on the order of the struct, which is
counter-productive.
Fix by receiving the result in a proper variable and using the
struct's member names.
Amends 53622aca2ad0d13bd16d8307dc28f915c8878b75.
The idea may have been to avoid churning the surrounding code, but
follow-up c08766abf2267f4eeda159c5688309d22d319722 touched all
lines using the result, anyway, so we don't need SB anymore to
keep the old names.
Pick-to: 6.10
Change-Id: I2890754c2c2189cc2fa395f4500ca6c3cb115d7d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
The condition is a compile-time constant expression, so we can check
it at compile-time. No run-time check needed.
Amends 53622aca2ad0d13bd16d8307dc28f915c8878b75.
Pick-to: 6.10
Change-Id: Ia73dd99c3670a279ec7f740eecd623d51ae647d4
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
StreamEOF is an enum, but compared against uint instances, emitting signed/unsigned comparison warnings when building with clang.exe using the MSVC ABI. Using a constexpr variable of the correct type to fix the warning.
Pick-to: 6.10
Change-Id: I1fd29e0bcc46fc8a75c7024605ba68f68df82af4
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Amends 53622aca2ad0d13bd16d8307dc28f915c8878b75.
Found in 6.10 API review.
Pick-to: 6.10
Change-Id: Ib53d4306f6345befd39d1273ae44997b41163b78
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Magdalena Stojek <magdalena.stojek@qt.io>
|
There is no QObject subclass in qtextstream_p.h anymore.
Amends e3c290e1947515992821e6bf97d74d65c9254271.
Pick-to: 6.10
Change-Id: If0d3030cbbc3306cd71dfcb793c89379611749e7
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
|
The bool number = false parameter of putString() overloads is not only
a classical Bool Trap (i.e. doesn't give any hint to the reader of a
call what 'true' or 'false' means), it also, in combination with the
(ptr, n, bool=false) and (view, bool=false) overloading may cause a
(ptr, n) argument list to accidentally match (view, number) instead:
if decltype(ptr) isn't (const) QChar*, but one of the views accepts
the type in its (Char*) ctor, the call might be solved as (View(ptr),
bool number(n)).
This is not acceptable for a security-critical component.
To fix, introduce a strong enum, PutStringMode { String, Number } to
replace the bool. Only after this change is it safe to remove the
(unused) (ptr, n, bool) overload, for the above-mentioned reason, so
do it now.
The alternative was to split putString() into putString() and
putNumber(), but there's already a putNumber(qulonglong, bool
negative), so I opted for an enum argument instead.
Fixes: QTBUG-138520
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I78d1a9132d5ef41e33b9462d48d2f41401e1f688
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
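The overload trap described in the commit message above, reduced to a stand-alone model (an added example, not code from the Qt repository). `Char16`, `View`, `Seen`, `callBefore` and `AfterAccepts` are hypothetical stand-ins; only the overload shapes and the `PutStringMode { String, Number }` enum come from the commit message.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <type_traits>
#include <utility>

// Hypothetical stand-ins, not Qt's types.
struct Char16 { char16_t ucs; };            // plays the role of QChar

struct View {                                // plays the role of a string view
    const char16_t *data;
    std::size_t size;
    // Non-explicit (Char*) ctor: scans for the terminator to find the length.
    View(const char16_t *s)
        : data(s), size(std::char_traits<char16_t>::length(s)) {}
};

// What the callee actually received.
struct Seen { std::size_t length; bool number; };

namespace before {                           // the two overloads with the bool
Seen putString(const Char16 *, std::ptrdiff_t n, bool number = false)
{ return { static_cast<std::size_t>(n), number }; }
Seen putString(View v, bool number = false)
{ return { v.size, number }; }
}

namespace after {                            // bool replaced by a scoped enum
enum class PutStringMode { String, Number };
Seen putString(View v, PutStringMode mode = PutStringMode::String)
{ return { v.size, mode == PutStringMode::Number }; }
}

// The caller means "write the first n code units as a plain string", but
// decltype(ptr) is not (const) Char16 *, so the (ptr, n, bool) overload is
// not viable and the call resolves to (View(ptr), bool number(n)).
Seen callBefore(const char16_t *ptr, std::ptrdiff_t n)
{
    return before::putString(ptr, n);
}

// Compile-time probe: is after::putString(P, N) a well-formed call?
template <typename P, typename N, typename = void>
struct AfterAccepts : std::false_type {};
template <typename P, typename N>
struct AfterAccepts<P, N, decltype(void(after::putString(std::declval<P>(),
                                                         std::declval<N>())))>
    : std::true_type {};

// With the enum, a stray length argument no longer converts silently.
static_assert(!AfterAccepts<const char16_t *, std::ptrdiff_t>::value,
              "(ptr, n) must not match (view, mode)");
static_assert(AfterAccepts<const char16_t *, after::PutStringMode>::value,
              "(ptr, mode) is the intended call");

int main()
{
    const Seen s = callBefore(u"1234", 2);   // constructed sample input
    std::printf("asked for 2 units as string; callee saw length=%zu number=%d\n",
                s.length, int(s.number));
    return 0;
}
```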
Because we have (have had) the new-style connections which allow us to
bypass the need for a receiver QObject.
Pick-to: 6.10
Change-Id: I6cc5368310bb902d99d6fffd67d98bd67463c99c
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
This call is safer than the (ptr, n, bool=false) one, which may
accidentally resolve to (view, bool) if decltype(ptr) is "wrong".
This is in preparation of removing said putString() overload (and the
bool parameter).
Task-number: QTBUG-138520
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I93ff89322468558f7da723ae47a1d67852cc59e6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
... until putString(QUtf8StringView), which, at some point, may be
optimized to not create a QString. This way, we centralize the
conversion in a single place.
The data comes from a QByteArray, so is always a valid range.
Task-number: QTBUG-138520
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: Ie6db2b1a254b737af286d7eb4e531829410b92c7
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
They're all the same, except the type of the thing being append()ed to
one of the two QStrings, so make the actual implementation a template.
Task-number: QTBUG-138520
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I0a3041984b690cc0febac932b53bd6ec601e8780
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Replace the remaining calls to write(const QChar *, qsizetype) with
calls that use QStringView.
Requires adapting a QChar[2] (not null-terminated, and the QStringView
constructor scans for one). Chose to make it a char16_t literal
instead, and make it constexpr as a drive-by.
This removes the last caller of the write(p, n) overload, so remove
it.
Task-number: QTBUG-138520
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: Iddfadc7cd7837a541e5840247f8812398807bcfe
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Fixes
corelib/serialization/qdatastream.cpp:1419: (qdoc) warning: Can't link to 'OK'
Pick-to: 6.10
Change-Id: I81a32031accbac35e730c452afeb9be453419180
Reviewed-by: Tatiana Borisova <tatiana.borisova@qt.io>
|
QTextStreamPrivate::putString(), in numeric mode, and with
accounting-style alignment, parses the string to check whether it
starts with the current locale's negativeSign() or positiveSign(),
which, since Qt 6.0, are QStrings, when in Qt 5 they were mere
QChars (which was wrong).
The old code still assumed Qt 5 times and merely compared the front()
of the string (the first character) with the locale's QString. This
works for locales where the plus/minus signs are just one UTF-16 code
point, but not for those that require surrogate pairs or are just
plain more than one Unicode code point long, like ar_EG (Arabic as
written in Egypt).
Fix by using startsWith() instead of front() ==.
[ChangeLog][QtCore][QTextStream] Fixed
QTextStream::FieldAlignment::AlignAccountingStyle for locales that
have negativeSign/positiveSign (-/+) that take more than one UTF-16
code point (e.g. ar (Arabic)).
Fixes: QTBUG-138484
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I6120460cb2ea8ce201bca5ba404cdaea442b0cb6
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
The putString() implementations for QStringView and QLatin1StringView
are now almost identical, so replace them with a template
implementation, and save ourselves some duplicate effort fixing bugs
in both places hereafter.
Task-number: QTBUG-138484
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I23051be146970348b195d5b1dea8779a11047018
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Implement the (ptr, size) overload in terms of the QStringView
one. This makes the QStringView and QLatin1StringView overloads almost
token-for-token identical, allowing to Extract Method on them in the
next step, in preparation of fixing QTBUG-138484.
Task-number: QTBUG-138484
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I75abfd29ff98ba79a92555631f4ac7f231571a32
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
Replace write(&ch, 1) calls with write(ch) ones.
The QChar overload, added in 31c6d9f04ba80e6776ae01cb0588e6bd228f7184,
is safer, because it has fewer preconditions. With QTextStream being
security-critical, we should target to use safer functions to do the
same work, even if it introduces a bit of git history churn.
The call from a different TU (qdebug.cpp) means we need to remove the
lying inline keywords from both declaration and definition of
write(QChar), because GCC -Werrors on them.
As a drive-by, remove a use of QLatin1Char, in preparation of moving
from QChar to char16_t, eventually.
Pick-to: 6.10 6.9 6.8
Change-Id: I97b4c8c68a4ee0d4b821c4d2ec4a9dd6f44dceb0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Coverity (rightfully) complained that QCborMap is lacking move SMFs.
Add them, also for QCborArray.
For move-assignment, use pure swap, which matches what QCborValue and
the QJson classes do.
Coverity-Id: 218756
Pick-to: 6.10
Task-number: QTBUG-53264
Change-Id: I9327b884e6e1ac08254552dfcf64b006f9a963a2
Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
One must never store the result of realloc() back into the first
realloc() argument, because, if realloc() fails, one still has to
free() the old pointer, but one has just overwritten its value with
nullptr, leaking memory.
To fix, first check, and then assign.
Found in manual review of realloc() uses.
Amends the start of the public history.
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: Id6d369116d4e01fb9cb1d6db3627b9956d4b6201
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
Coverity complains that the QXmlStreamPrivateTagStack default ctor
dereferences nullptr. I haven't understood, yet, why it thinks that,
but manual inspection revealed a Q_CHECK_PTR() in
QXmlStreamSimpleStack::reserve(), called from push(), fingered by
Coverity, that comes too late: If Q_CHECK_PTR() is configured to throw
std::bad_alloc, then we'd leak the previous buffer if realloc()
failed, because we had already overwritten the old value.
Fix by moving the Q_CHECK_PTR to after the realloc() and before the
assignment of the realloc() result to the data member.
Fingers crossed that this fixes Coverity's complaint, too.
Amends 403343039d07812c0beee9260b291f86e14d8ac4.
Coverity-Id: 474174
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: Ib3564c34626950b927aa54df50abeecc42e8e674
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
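The realloc() pattern behind the two commit messages above (the manual realloc() review and the QXmlStreamSimpleStack::reserve() fix), as an added example that is not code from the Qt repository. `IntStack`, `failingRealloc`, `Outcome` and `growUnderFailure` are hypothetical names, and failure is reported with a bool return rather than Q_CHECK_PTR.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>

using ReallocFn = void *(*)(void *, std::size_t);

// Constructed fault injector standing in for an out-of-memory realloc().
void *failingRealloc(void *, std::size_t) { return nullptr; }

// Hypothetical growable stack with a reserve() step before each push.
class IntStack {
public:
    int *data = nullptr;
    std::size_t size = 0;
    std::size_t cap = 0;
    ReallocFn grow = std::realloc;           // swappable so failure can be forced

    IntStack() = default;
    IntStack(const IntStack &) = delete;
    IntStack &operator=(const IntStack &) = delete;
    ~IntStack() { std::free(data); }

    // Anti-pattern: the result goes straight back into 'data'. On failure
    // 'data' is nullptr, the old block is unreachable (leaked), and 'cap'
    // still claims capacity that no longer exists.
    bool reserveLeaky(std::size_t extra)
    {
        if (size + extra <= cap)
            return true;
        const std::size_t newCap = (size + extra) * 2;
        data = static_cast<int *>(grow(data, newCap * sizeof(int)));
        if (!data)
            return false;
        cap = newCap;
        return true;
    }

    // Fix: receive the result in a temporary, check it, then assign.
    bool reserveFixed(std::size_t extra)
    {
        if (size + extra <= cap)
            return true;
        const std::size_t newCap = (size + extra) * 2;
        void *p = grow(data, newCap * sizeof(int));
        if (!p)
            return false;                    // data, size and cap are untouched
        data = static_cast<int *>(p);
        cap = newCap;
        return true;
    }
};

struct Outcome { bool reserved; bool keptOldBlock; int firstElement; };

// Push one element, then force the next growth to fail and report what is left.
Outcome growUnderFailure(bool useFixed)
{
    IntStack s;
    if (!s.reserveFixed(4))
        return { false, false, -1 };
    s.data[s.size++] = 42;
    int *const old = s.data;

    s.grow = failingRealloc;
    const bool ok = useFixed ? s.reserveFixed(1000) : s.reserveLeaky(1000);
    const Outcome o{ ok, s.data == old, s.data ? s.data[0] : -1 };
    if (s.data != old)
        std::free(old);                      // demo-only: release what the leaky path lost
    return o;
}

int main()
{
    const Outcome leaky = growUnderFailure(false);
    const Outcome fixed = growUnderFailure(true);
    std::printf("leaky: kept old block=%d first=%d\n", int(leaky.keptOldBlock), leaky.firstElement);
    std::printf("fixed: kept old block=%d first=%d\n", int(fixed.keptOldBlock), fixed.firstElement);
    return 0;
}
```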
Coverity (rightfully) complains that the assignment uses the copy- and
not the move-assignment operator.
Fix by adding the missing move().
Amends 927798f5deb0bd95fc8ce5be9fb0cfceef94a46b.
Coverity-Id: 481486
Pick-to: 6.10
Change-Id: I9044847abb88adaaa55f49e7578290d11ddb8655
Reviewed-by: Magdalena Stojek <magdalena.stojek@qt.io>
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
This component processes input external to the process, and the
application depends on this component to report errors to detect
failure, so this component is security-critical.
The headers, however, contain only a minuscule amount of
implementation, essentially a few forwarders each and, in the public
header, the QTextStreamManipulator, everything else is out-of-line, so
I've opted to mark both headers as significant, header,
declarations-only. I'll de-inline what makes sense in a follow-up
commit.
Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.
This completes the review of src/corelib/serialization, building on
the following prequel commits:
- 0b9d4c3a857144bad2937f964101c57ae7efec4c (QDataStream)
- 0a7ee06b27c55f10b65b053cabdc893ae8f23893 (QXmlStream{Reader,Writer})
- 046e6c5701da96dd64b613c2bc9cfd245c83b1a5 (QXmlUtils)
- cd4813a3c304a6d9d5d8096d91a8fc297818d624 (QJson and QCbor)
There are no other implementation files in this subdir at the time of
commit.
QUIP: 23
Fixes: QTBUG-135194
Pick-to: 6.10 6.9 6.8
Change-Id: If5264e3ad1eca230f48042888b1256ce0a329d8e
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
|
QXmlUtils are used by QXmlStream and QDom, both of which are (or ought
soon to be) marked as security-critical. The component is clearly a
data-parser, too, with the same input as QXmlStream and QDom, so has to
be security-critical, too.
The header file contains only declarations, so it gets the default
score:significant.
Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.9 6.8
Change-Id: I415486dbba0c748e6af561ea4f098ea42c4b1830
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
|
These components process input external to the process, and the
application depends on these components to report errors to
detect failure, so these components are security-critical.
The writers are, too, because a valid use of the classes is to
stream-read something, filter or edit a few nodes, and then
stream back, in which case writers see the same input as the
readers, only in reverse, and have to build a valid output.
Where there's doubt whether a header should be considered
critical or not, err on the side of critical. We can always
revisit the decision later when we know what semantics we'll
attach to this marking.
Where a header only contains declarations (and class definitions),
mark as significant with reason "header, declarations only". It is
probably a good idea to avoid any non-trivial inline code in
headers whose .cpp files are security-critical, but moving all
inline code out-of-line is a task for a different patch.
Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.9 6.8
Change-Id: Ie317c4df652430e6e68954c37d553b760836dff8
Reviewed-by: Matthias Rauter <matthias.rauter@qt.io>
|
Add a paragraph about the removal of QTextStream::setCodec() and the
introduction of setEncoding() in Qt 6.
Pick-to: 6.10 6.9
Fixes: QTBUG-95325
Change-Id: I0785dcb493a5dcab83c85e59cb549a998ee25af0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
This adds {QJsonObject,QCborMap}::asKeyValueRange() which returns a
range over key-value pairs of the object/map
(`pair<QAnyStringView, QJsonValueRef>` and
`pair<QCborValueConstRef, QCborValue>`).
This uses QKeyValueIterator under the hood. QJsonObject's iterator only
iterates over the items, so using it in a range-based for loop won't
give users access to the key. With `asKeyValueRange` one can iterate
over both keys and values and conveniently use structured bindings.
QCborMap's iterator already iterates over key-value pairs, so
`asKeyValueRange` is provided for API symmetry.
In `QKeyValueIterator`, this adds a fourth template parameter `Traits`
to support custom `key()` and `value()` functions.
This is specifically needed for `QJsonObject`, as its actual key is a
string view, but `key()` returns a `QString`.
[ChangeLog][QtCore][QJsonObject] Added asKeyValueRange to iterate with a
range-based for loop over key-value pairs with support for structured
bindings.
[ChangeLog][QtCore][QCborMap] Added asKeyValueRange to iterate with a
range-based for loop over key-value pairs with support for structured
bindings.
Pick-to: 6.10
Change-Id: I68d97fada8b2d7ef7224f1beb5aa685aac3d1b16
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
QDataStream clearly parses data, both in the .cpp file and the header.
The class is used for over-the-network data communication in
QtRemoteObjects, so this obviously needs to be security-critical,
because de-facto, users will use this class in such ways, too.
Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.10 6.9 6.8
Change-Id: I02a14e3c3fa1e008a532dd2e752b667cdc254e8e
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
- Add operator bool() that checks whether the associated stream has
no error status. This operator makes it possible to use streams
and functions that return references to streams as loop conditions:
`while (stream >> data)`.
- Update existing testcases that use or can use the status of stream
operations.
[ChangeLog][QtCore][QDataStream] Added implicit conversion to bool,
returning `status() == Ok`.
Found in API-review (added for symmetry with QTextStream).
Pick-to: 6.10
Change-Id: I3eb8251f40eba1a8164e088fa10de670564f428e
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
This change ensures that errorString is explicitly cleared when
resetting the error code to NoError.
Resulted from API review.
Pick-to: 6.10
Change-Id: I182575df7a058045ea58424b64063cd6026fb21d
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
Renamed enum values to avoid redundant naming.
Resulted from API review.
Pick-to: 6.10
Change-Id: I5213695c02a763d4689c5df97b20c282368b4fbd
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
In tst_QDate the test previously had a hard-coded list of versions by
name. This, however, needed updates on each new release (or at least
new version of QDS), which have been neglected since Qt 5.0. The
tst_QDateTime version, meanwhile, only identified versions by their
numeric value, not their symbolic names.
So borrow the way tst_QCalendar enumerates QCalendar::System, making
QDataStream a Q_GADGET and its Version a Q_ENUM to support this, to
iterate over all versions algorithmically. Apply to both data stream
tests to get a more consistent form for their data tags.
Change-Id: I04d1060cfec822cfcdc0bce6d15b636fc165fe36
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
These can be set on the font directly, but had not been added to
QTextCharFormat, so there would be no way to override them by
formatting in a rich text document.
Fixes: QTBUG-134060
Change-Id: I4494e24cb9b99d84fb376ba895e2461fc3cd054b
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
|
Change-Id: I14ec3a08bf704535b9b10e33ec8ee0f9415f2d7c
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
Amends commit 35adb74ddd915831789f0175423660f8e898942e (from 5.15) to
reflect the improved precision of 64-bit int when stored as a JSON
value.
Task-number: QTBUG-28560
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I07915bc190dd7696e58356143e8857f91e888c67
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
If QXmlStream isn't security-critical, what is?
qxmlstream.h contains the definition of the QXmlString work-horse, so
it has to be security-critical, too (until we remove it).
Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.9 6.8
Change-Id: Ib366e63fb89aa0b69ad437f6688285b2c390c5c1
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Kai Köhne <kai.koehne@qt.io>
|