| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The :status pseudo-header is required, and must be a 3-digit integer.
If it's missing or malformed, we must fail the request.
Additionally, HTTP/2 doesn't carry a reason phrase, so stop
trying to extract one.
Pick-to: 6.10 6.8
Change-Id: Ib98580dbf56766c41f08ec03ed75ea6a4728bc0e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mate Barany <mate.barany@qt.io>
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
The :version header was a SPDY/3 pseudo header that did
not survive the jump to HTTP/2, and no one really realized
it until now.
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: Ia7b38befbaa2d7265ae6c8794dfac8711d71e2e6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
The files parse data received from the network and/or otherwise make
decisions based on the data received.
Task-number: QTBUG-135582
Pick-to: 6.10 6.9 6.8
Change-Id: I35876cc1f4030b386d8400bc63597f35c23434ef
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We previously asserted that the reply was not nullptr, except in some
special circumstance. But then we proceeded to dereference it anyway.
This was then recently changed to be an if-check, but that just
highlighted the logic-flaw (and made static analyzers warn about it...)
What we want to assert is that the stream object is valid and
conditionally return early if the reply is nullptr, which it is for
promised streams, since no request has been made yet so no reply is
created.
At the same time, update the logic in the QHttp2Stream to not store or
emit header-related signals for a stream that has been reset.
Pick-to: 6.10 6.9
Change-Id: I55d69bbedc027893f6ad125c29468a34e7fb406f
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
After some of the RST stream handling was updated to more closely
follow the RFC it was accidentally not updating the handleHEADERS
function, and the handleDATA function was handled incorrectly leading
to a potential nullptr dereference.
Amends d17d260948e16549d82f1fdd4dec98d246b0622e.
Pick-to: 6.10 6.9
Change-Id: I345448efd7da92f4f74033b03a5c040b5db9d271
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It will do this when it gets deleted, but due to deleteLater just adding
an event to the event queue the events that are ahead in the queue may
use the stream in question. This would lead to a variant of
'stream not found', or specifically in the case of the bugreport, a
'HEADERS on non-existent stream' stream error.
Amends 6b4e11e63ead46dde5c1002c123ca964bb6aa342
Fixes: QTBUG-137427
Pick-to: 6.10 6.9
Change-Id: I5f2b2d5660866f1ad12aaafbb4e572b08ed5a6e4
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to switching the protocol handler to use QHttp2Connection this
particular issue (see bugreport) was not a problem because the handling
of the IO-device being destroyed was simply to drop any pointer to
it.
QHttp2Stream, however, also has to keep track of the lifetime of
the IO-device, because it needs to abort the stream if the data
it's uploading is destroyed earlier than expected.
Now, since QHttp2Stream might also have other errors come up, we
have to connect to the generic 'errorOccurred' signal from it and
handle whatever issues arise, notifying our users that the request
for some reason cannot be fulfilled.
It's thanks to this part that we were now, in certain cases,
grabbing a stale pointer to the HttpNetworkReply and trying to
call functions on it.
We fix this somewhat indirectly. Because, after a HttpReply is
destroyed, we shouldn't even have any references to it in the
first place. And while it would usually be done as part of
handling the deleted() signal, we actually disconnect from
HttpNetworkReply's signals when we have processed one of the
finished*() functions. But since we were still connected to the stream's
signals we would still try to handle it.
For the http1 protocol handler this was already handled in
QHttpNetworkConnection::removeReply, which the HttpNetworkReply itself
calls at start of destruction. The function will go through any place
that the reply can be referenced and removes it. For http/2 it would
remove it from the list of requests yet to be sent, but not from the
in-progress list. So, we now add a new virtual function to the
AbstractProtocolHandler and specialize it in Http2 to handle exactly
this.
Fixes: QTBUG-136549
Pick-to: 6.9.1 6.9
Change-Id: Ie41863677a3b163f77d10bc3904ca515f6840be3
Reviewed-by: Mate Barany <mate.barany@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After introducing QHttp2Connection earlier we ended up having some
duplication. For 6.9 let's be brave and get rid of that :)
This patch drops all the code that can now be handled by
QHttp2Connection, and uses that directly.
Fixes: QTBUG-129211
Change-Id: Ie82b532452010b06f33e29457da8fb698898a29f
Reviewed-by: Mate Barany <mate.barany@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have the encrypted() signal that lets users do extra checks on the
established connection. It is emitted as BlockingQueued, so the HTTP
thread stalls until it is done emitting. Users can potentially call
abort() on the QNetworkReply at that point, which is passed as a Queued
call back to the HTTP thread. That means that any currently queued
signal emission will be processed before the abort() call is processed.
In the case of HTTP2 it is a little special since it is multiplexed and
the code is built to start requests as they are available. This means
that, while the code worked fine for HTTP1, since one connection only
has one request, it is not working for HTTP2, since we try to send more
requests in-between the encrypted() signal and the abort() call.
This patch changes the code to delay any communication until the
encrypted() signal has been emitted and processed, for HTTP2 only.
It's done by adding a few booleans, both to know that we have to return
early and so we can keep track of what events arose and what we need to
resume once enough time has passed that any abort() call must have been
processed.
Fixes: QTBUG-126610
Pick-to: 6.8 6.7 6.5 6.2 5.15 5.12
Change-Id: Ic25a600c278203256e35f541026f34a8783235ae
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-125026
Change-Id: I517340e17adf5b068f984cb9e4aa87cf066ab456
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
When adding/fixing parts earlier it was missed that it was not handling
the _unsupported_ case, when authentication is not handled and there is
no resend. But there _is_ a challenge header.
Pick-to: 6.7 6.6 6.5
Fixes: QTBUG-123891
Change-Id: I21470df0ce2528bad3babffc6e9f19b7afd29d20
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were looking at all active streams, but that also includes promised
streams.
By the RFC the limitation that our peer specifies only applies to the
number of streams _we_ create, not the total amount of active streams.
More importantly, for the qhttp2protocolhandler it could mean that we
could end up having a few promised streams push the active stream count
over the limit, which could lead us to start more streams than intended
(then bounded by the number of queued requests).
The worst case in this scenario is that a **non-compliant** server
doesn't track how many connections we open and the user has queued
a ton of requests, so we open a ton of streams.
But on the upside: server-push is not widely used.
Pick-to: 6.7
Change-Id: I2a533472eb9127fd176bb99e9db0518f05c3fffe
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The settings frame with the max streams might be received late
or be revised later, so we cannot assert something on the
relation with the max streams allowed.
Amends 22c99cf498103c86baa5a415ca34630396e5b6aa
Pick-to: 6.7
Change-Id: I973dfcf91541becc8c3d6363f9065bb1b9183062
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On 64-bit systems, both the requests.size() and the
activeStreams.size() were truncated to uint32_t values from int64_t
ones. While extremely unlikely that either will contain more than 4Gi
elements, avoid the truncation by verifying that the `max` amount of
streams is larger than the activeStreams, and then using size_t for
the range.
Pick-to: 6.7
Change-Id: I50644cb634bab0f020acf9aea1d03744b11dbe51
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make QHttp2ProtocolHandler discard all informational (1xx) replies with
the exception of 101.
According to RFC 9110:
"A client MUST be able to parse one or more 1xx responses received
prior to a final response, even if the client does not expect one.
A user agent MAY ignore unexpected 1xx responses."
Fixes: QTBUG-121755
Change-Id: I8b8d578f23d4fbe28929f8c54b3607bcaf85405f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
HTTP header name fields are case-insensitive and the QHttpHeaders class
stores them as lower-case. Therefore the case-insensitive comparisons,
when comparing against a lower-case value, are not needed.
Pick-to: 6.7
Change-Id: I7f38ef16aa7c61103abc4c81c13aebdd6e535dc8
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
... as a more computationally effective way, which was not present at
the time those usages were introduced.
As a drive-by add spaces around a binary operator
Task-number: QTBUG-122017
Pick-to: 6.7
Change-Id: I0528c995d1a3c1fe171486c5c313697d1706ee10
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The code did not handle the path where we didn't have a challenge.
We cannot recover from that so we just have to fail the request.
Amends fe1b668861e8a3ef99e126821fcd3eeaa6044b54
Pick-to: 6.7 6.6 6.6.2 6.5 6.2
Fixes: QTBUG-121515
Change-Id: Ie39a92e7439785a09cad28e8f81599a51de5e27f
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
QHttpHeaderParser::headers() method is changed to return QHttpHeaders.
QAuthenticatorPrivate::parseHttpResponse() method is changed to work with QHttpHeaders.
QHttpNetworkHeader::header() method is updated to return QHttpHeaders.
Tests are updated.
Task-number: QTBUG-120133
Change-Id: I20a18b509acd7a8b8d93884cff8349519d64293e
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
The static function appeared in two places, and in a unity-build
this fails quite visibly.
Pick-to: 6.7
Change-Id: I60000d01194a2c79ca9c101f2a6d3f77f469f1a7
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Nodir Temirkhodjaev <nodir.temir@gmail.com>
|
| |
|
|
|
|
| |
Pick-to: 6.7
Change-Id: I5033d433d2aa499007a6e436dbb70d9c48315e8b
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function is given a vector of Http2::Frame's and flattens it into
a vector<uchar>. While each Frame can contain a maximum of 16GiB of
data (24-bit size field), one "only" needs 257 of them to overflow the
quint32 variable's range.
So make sure any overflow does not go undetected.
Keep the limited uint32_t range for now, as we don't know whether all
consumers of the result can deal with more than 4GiB of data.
Since all these frames must be in memory, this cannot overflow in
practice on 32-bit machines.
Pick-to: 6.7 6.6 6.5 6.2 5.15
Change-Id: Iafaa7d1c870cba9100e75065db11d95934f86213
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By attempting to get credentials and potentially emitting error
during header parsing we may not have gotten the DATA frames yet
which would leave us emitting error() and finished() without any
body.
Pick-to: 6.6 6.5 6.2
Change-Id: Ibc5fb78193af80ddabaca2c9e4149bbcac9789a1
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
| |
Change-Id: I132533b9bc1f2b4d66f94599efb04def571cd2ff
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
| |
Use QBAV more to reduce allocations
Change-Id: I009144156fafa64dd241c446bd4081fe197aa2bf
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
| |
Don't use QMap for parsing. Indroduce local enum and use it with std::array
Change-Id: I60fed6991ac415e4ff3827ae621f2c9b5071dcbe
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
| |
for making url to improve readability
Change-Id: I743f183b64f2ed9c9363ea4fd2bdb8588fd84547
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
| |
It looks cleaner when it's declared where it's defined.
Change-Id: I5006fc086c73e6d4891bc64ff3a8c6b4b17623fe
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Thinking back I'm 99% certain I deliberately used QBA because I was
going to cherry-pick it back and didn't feel like dealing with failing
builds. Coming up we will have a lot of other changes here so let's
change this as well.
Change-Id: Ifc60ad8ee2a1e5b75ac766b4a8b7e1559f80e942
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
|
| |
|
|
|
|
| |
Change-Id: Ice7f0f026353f5668a437cc35d9b21cde0a69182
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
|
| |
|
|
|
|
|
| |
Change-Id: I4148f94a7d9944eddccaba6dbc956abcd2ad9937
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
| |
Change-Id: Ibef8da7349d143433522bbb0fd2ee228f0d58135
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
By passing both arguments as qint64, then casting to qint32.
Since one of the arguments are qint32, the result will fit in qint32.
Change-Id: I98e9b1484549fa5dad340f02eda1b341cf6b293d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the trailing frame just had PRIORITY we would early-return, though
this meant we didn't check if the frame had the END_STREAM flag set,
leading some requests to certain servers to hang.
Fixes: QTBUG-111417
Pick-to: 6.5 6.4 6.2
Change-Id: Iac174dc5aeca30d5d19fae35f303983de9841847
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
|
| |
|
|
|
|
|
|
|
| |
We don't need the QBA later, so just pass it directly to
the QByteDataBuffer and avoid the ref-counter increase/decrease.
Change-Id: I253a29981bdfffb1a205baaaa0788d4283253e19
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-98434
Change-Id: I0bb9d534ee42ccbf7d353e251ef58901a86923b4
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-98434
Change-Id: Ic235b92377203f7a1429ae7fd784c4a1fa893e9f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The redirect handling for http2 was a little simple. E.g. not handling
relative URLs.
Fix this using the redirect response parsing function which the http1
protocol handler already uses.
Fixes: QTBUG-100651
Pick-to: 6.3 6.2 5.15
Change-Id: Ic0cec4cacc92707e7a7fde1f4665f80995a6057e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
| |
Change-Id: I227a9541bf76c1c048a694f022b8fc419c0c2544
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-80701
Change-Id: I43f5e102c15d121dba74e07e3cd4bb8aded1c763
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
These signals allow monitoring where in the HTTP1/HTTP2
flow a request is currently in.
Fixes: QTBUG-71698
Fixes: QTBUG-18766
Change-Id: Icc2fe435afc9f680fa7a76c32731e25fcdfeb4b4
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
| |
Pick-to: 6.2
Pick-to: 6.1
Change-Id: I47a3f8f7c39d4179a9a108e81a9c7f409acbc315
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SETTINGS for max concurrect number of streams is 'one direction' - this
is how our peer conveys the possible number of streams _we_ can open,
not _them_. If they choose to have it unlimited - let it be so.
It's possible to send 0 as maximum number, also, it's possible to
reduce the maximum compared to initial at some point - then I have
to avoid integer overflows.
Pick-to: 6.2
Pick-to: 6.1
Pick-to: 5.15
Fixes: QTBUG-94470
Change-Id: Ia02247acbaedd70998a4cab02082ba10f45cf78c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than when the data is received. Source compatibility is
achieved through double-decompressing the data. This lets us know
how many bytes are available just as before but without having the
uncompressed data left in memory.
Fixes: QTBUG-83269
Change-Id: I352bd09581614c582e4628243e2a0e895ba4946b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-91870
Change-Id: Ia23e8b8bcfdf65a91fe57e739242a355c681c9e6
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With Qt 6 we made HTTP/2 default, which exposed missing handling of
401 Unauthorized (and 407 Proxy Authentication Required).
In HTTP/1.* we would handle this after the response had finished, while
handling the status code. For h2 this path isn't used since it is
heavily reliant on the structure we have for HTTP/1.* (one request per
channel). So we must handle the status code and header directly.
Having that part fixed exposed another issue - when resetting/rewinding
uploaded data we were not resetting the 'totallyUploadedData' counter in
the reply (this, in turn, exposed another small issue). Because of that
we did not actually send any data on the retry, only sending the
content-length followed by no data.
Finally, the small issue mentioned in the previous paragraph was how we
check if we have uploaded all our data. It was only checking if the
byte-device was atEnd(), which it was. But only because it had not yet
prepared any data for us.
Fixes: QTBUG-91284
Pick-to: 6.1 6.0 5.15
Change-Id: I798d105b02688b18a02897cc476f19f57a47f98f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In general the protocolHandler isn't deleted unless
the channel is being destructed. So instead of reset()ing
the pointer we keep it around.
Also update the http2protocolhandler to mimic the http1
handler a little closer: shutting down the channel in
receiveReply if there's no reply/activeStreams, and not
calling receiveReply at all if there's no activeStreams.
Pick-to: 5.15
Change-Id: I702547f594deb6b0c1384068f7e93e560527e8e2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
| |
To avoid potential decompression bombs. This is implemented with just
a simple check that the ratio doesn't pass some hardcoded preset.
Change-Id: I17246f0f43e73280cdb35a8f03d65885f5678ad6
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changes are not too big for now. Just replaces use of the previous
calls to the zlib decompression function. And initialize
QDecompressHelper when we know the content-encoding.
Task-number: QTBUG-83269
Change-Id: I41358feaef2e7ac5f48f14e3f95ec094e0c110b7
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
