author | Sami Rosendahl <sami.rosendahl@reaktor.fi> | 2011-11-11 13:17:54 +0100 |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-11-11 13:17:54 +0100 |
commit | d278a522dc65046ad7215c333a4a1bf00c12196a (patch) | |
tree | 46e33330d8a24ecfc35fba56cdf677709b5a3694 | |
parent | 2c072ae53ea4f90a32cfb8260f1bd0251ebab4f9 (diff) | |
Fix crash in QHttpNetworkReplyPrivate::gunzipBodyPartiallyEnd
If a HTTP server responds with gzip-encoded empty content without defining
Content-Length in the response header QHttpNetworkReplyPrivate::gunzipBodyPartiallyEnd
will crash because it calls zlib inflateEnd for an uninitialized stream.
- Fixed the crash by adding a check if the stream is initialized to gunzipBodyPartiallyEnd.
- Added a regression test tst_QNetworkReply::nb279420gzipNoContentLengthEmptyContentDisconnect
PMO 279420
Task-number: QTBUG-22660
Signed-off-by: Sami Rosendahl <sami.rosendahl@reaktor.fi>
Merge-request: 1465
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
-rw-r--r-- | src/network/access/qhttpnetworkreply.cpp | 6 | ||||
-rw-r--r-- | tests/auto/qnetworkreply/tst_qnetworkreply.cpp | 23 |
2 files changed, 27 insertions, 2 deletions
diff --git a/src/network/access/qhttpnetworkreply.cpp b/src/network/access/qhttpnetworkreply.cpp
index 129e2c64bc..b926afeeaa 100644
--- a/src/network/access/qhttpnetworkreply.cpp
+++ b/src/network/access/qhttpnetworkreply.cpp
@@ -442,8 +442,10 @@ int QHttpNetworkReplyPrivate::gunzipBodyPartially(QByteArray &compressed, QByteA
 void QHttpNetworkReplyPrivate::gunzipBodyPartiallyEnd()
 {
- inflateEnd(&inflateStrm);
- initInflate = false;
+ if (initInflate) {
+ inflateEnd(&inflateStrm);
+ initInflate = false;
+ }
 }
 #endif
diff --git a/tests/auto/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/qnetworkreply/tst_qnetworkreply.cpp
index 7e5b3651af..28832b2089 100644
--- a/tests/auto/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/qnetworkreply/tst_qnetworkreply.cpp
@@ -332,6 +332,7 @@ private Q_SLOTS:
 void qtbug15311doubleContentLength();
 void qtbug18232gzipContentLengthZero();
+ void nb279420gzipNoContentLengthEmptyContentDisconnect();
 void synchronousRequest_data();
 void synchronousRequest();
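Review bot: The new guard in gunzipBodyPartiallyEnd makes initInflate the only thing that keeps a server-controlled response from reaching inflateEnd on a z_stream that was never set up, and nothing in the function records that invariant. A comment above the `if` would keep it visible, e.g. `// inflateStrm is valid only while initInflate is true; a reply that ends before any body data never initialises it`. Any other path that ends this stream (none is visible in this hunk) has to reset initInflate as well, otherwise this function would release the stream a second time. The result of inflateEnd is still discarded here; checking it against Z_OK and logging a mismatch would make a corrupted stream state noticeable.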
@@ -5307,6 +5308,28 @@ void tst_QNetworkReply::qtbug18232gzipContentLengthZero()
 QCOMPARE(reply->readAll(), QByteArray());
 }
+// Reproduced a crash in QHttpNetworkReplyPrivate::gunzipBodyPartiallyEnd
+// where zlib inflateEnd was called for uninitialized zlib stream
+void tst_QNetworkReply::nb279420gzipNoContentLengthEmptyContentDisconnect()
+{
+ // Response with no Content-Length in header and empty content
+ QByteArray response("HTTP/1.0 200 OK\r\nContent-Encoding: gzip\r\n\r\n");
+ MiniHttpServer server(response);
+ server.doClose = true;
+
+ QNetworkRequest request(QUrl("http://localhost:" + QString::number(server.serverPort())));
+ QNetworkReplyPtr reply = manager.get(request);
+
+ connect(reply, SIGNAL(finished()), &QTestEventLoop::instance(), SLOT(exitLoop()));
+ QTestEventLoop::instance().enterLoop(10);
+ QVERIFY(!QTestEventLoop::instance().timeout());
+ QVERIFY(reply->isFinished());
+ QCOMPARE(reply->error(), QNetworkReply::NoError);
+ QCOMPARE(reply->size(), qint64(0));
+ QVERIFY(!reply->header(QNetworkRequest::ContentLengthHeader).isValid());
+ QCOMPARE(reply->readAll(), QByteArray());
+}
+
 void tst_QNetworkReply::synchronousRequest_data()
 {
 QTest::addColumn<QUrl>("url"); |
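Review bot: The new test nb279420gzipNoContentLengthEmptyContentDisconnect pins only the zero-byte body, so the guard is exercised from the uninitialised side alone. A sibling case in which the server sends some body bytes before closing would confirm that an initialised stream is still released exactly once on disconnect. Whether a short or truncated body should finish with NoError or an error code is not visible from this hunk, so the expected value has to be taken from gunzipBodyPartially. The leading comment could also carry the public tracker id, e.g. `// QTBUG-22660: inflateEnd was called on a zlib stream that was never initialised`, since the neighbouring tests are named after their qtbug numbers while this one uses the nb279420 id.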