diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /dev-qt/qtcore/files | |
download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'dev-qt/qtcore/files')
6 files changed, 856 insertions, 0 deletions
diff --git a/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch new file mode 100644 index 000000000000..c472d4212ffa --- /dev/null +++ b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch @@ -0,0 +1,114 @@ +From 512a1ce0698d370c313bb561bbf078935fa0342e Mon Sep 17 00:00:00 2001 +From: Mitch Curtis <mitch.curtis@digia.com> +Date: Thu, 7 Nov 2013 09:36:29 +0100 +Subject: Disallow deep or widely nested entity references. + +Nested references with a depth of 2 or greater will fail. References +that partially expand to greater than 1024 characters will also fail. + +This is a backport of 46a8885ae486e238a39efa5119c2714f328b08e4. + +Change-Id: I0c2e1fa13d6ccb5f88641dae2ed3f28bfdeaf609 +Reviewed-by: Richard J. Moore <rich@kde.org> +Reviewed-by: Lars Knoll <lars.knoll@digia.com> + +diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp +index a1777c5..3904632 100644 +--- a/src/xml/sax/qxml.cpp ++++ b/src/xml/sax/qxml.cpp +@@ -424,6 +424,10 @@ private: + int stringValueLen; + QString emptyStr; + ++ // The limit to the amount of times the DTD parsing functions can be called ++ // for the DTD currently being parsed. ++ int dtdRecursionLimit; ++ + const QString &string(); + void stringClear(); + void stringAddC(QChar); +@@ -492,6 +496,7 @@ private: + void unexpectedEof(ParseFunction where, int state); + void parseFailed(ParseFunction where, int state); + void pushParseState(ParseFunction function, int state); ++ bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage); + + Q_DECLARE_PUBLIC(QXmlSimpleReader) + QXmlSimpleReader *q_ptr; +@@ -2759,6 +2764,7 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader) + useNamespacePrefixes = false; + reportWhitespaceCharData = true; + reportEntities = false; ++ dtdRecursionLimit = 2; + } + + QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate() +@@ -5018,6 +5024,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype() + } + break; + case Mup: ++ if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) { ++ reportParseError(QString::fromLatin1( ++ "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit)); ++ return false; ++ } + if (!parseMarkupdecl()) { + parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state); + return false; +@@ -6627,6 +6638,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq() + return false; + } + ++bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage) ++{ ++ const QString value = string(); ++ QMap<QString, int> referencedEntityCounts; ++ foreach (QString entityName, entities.keys()) { ++ for (int i = 0; i < value.size() && i != -1; ) { ++ i = value.indexOf(entityName, i); ++ if (i != -1) { ++ // The entityName we're currently trying to find ++ // was matched in this string; increase our count. ++ ++referencedEntityCounts[entityName]; ++ i += entityName.size(); ++ } ++ } ++ } ++ ++ foreach (QString entityName, referencedEntityCounts.keys()) { ++ const int timesReferenced = referencedEntityCounts[entityName]; ++ const QString entityValue = entities[entityName]; ++ if (entityValue.size() * timesReferenced > 1024) { ++ if (errorMessage) { ++ *errorMessage = QString::fromLatin1("The XML entity \"%1\"" ++ "expands too a string that is too large to process when " ++ "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced); ++ } ++ return true; ++ } ++ } ++ return false; ++} ++ + /* + Parse a EntityDecl [70]. + +@@ -6721,6 +6763,15 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl() + switch (state) { + case EValue: + if ( !entityExist(name())) { ++ QString errorMessage; ++ if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) { ++ // The entity at entityName is entityValue.size() characters ++ // long in its unexpanded form, and was mentioned timesReferenced times, ++ // resulting in a string that would be greater than 1024 characters. ++ reportParseError(errorMessage); ++ return false; ++ } ++ + entities.insert(name(), string()); + if (declHnd) { + if (!declHnd->internalEntityDecl(name(), string())) { +-- +1.8.5.2 + diff --git a/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch new file mode 100644 index 000000000000..03ef64f22d86 --- /dev/null +++ b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch @@ -0,0 +1,124 @@ +From cecceb0cdd87482124a73ecf537f3445d68be13e Mon Sep 17 00:00:00 2001 +From: Mitch Curtis <mitch.curtis@digia.com> +Date: Tue, 12 Nov 2013 13:44:56 +0100 +Subject: Fully expand entities to ensure deep or widely nested ones fail + parsing + +With 512a1ce0698d370c313bb561bbf078935fa0342e, we failed when parsing +entities whose partially expanded size was greater than 1024 +characters. That was not enough, so now we fully expand all entities. + +This is a backport of f1053d94f59f053ce4acad9320df14f1fbe4faac. + +Change-Id: I41dd6f4525c63e82fd320a22d19248169627f7e0 +Reviewed-by: Richard J. Moore <rich@kde.org> + +diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp +index 3904632..befa801 100644 +--- a/src/xml/sax/qxml.cpp ++++ b/src/xml/sax/qxml.cpp +@@ -426,7 +426,9 @@ private: + + // The limit to the amount of times the DTD parsing functions can be called + // for the DTD currently being parsed. +- int dtdRecursionLimit; ++ static const int dtdRecursionLimit = 2; ++ // The maximum amount of characters an entity value may contain, after expansion. ++ static const int entityCharacterLimit = 1024; + + const QString &string(); + void stringClear(); +@@ -496,7 +498,7 @@ private: + void unexpectedEof(ParseFunction where, int state); + void parseFailed(ParseFunction where, int state); + void pushParseState(ParseFunction function, int state); +- bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage); ++ bool isExpandedEntityValueTooLarge(QString *errorMessage); + + Q_DECLARE_PUBLIC(QXmlSimpleReader) + QXmlSimpleReader *q_ptr; +@@ -2764,7 +2766,6 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader) + useNamespacePrefixes = false; + reportWhitespaceCharData = true; + reportEntities = false; +- dtdRecursionLimit = 2; + } + + QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate() +@@ -6638,30 +6639,43 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq() + return false; + } + +-bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage) ++bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage) + { +- const QString value = string(); +- QMap<QString, int> referencedEntityCounts; +- foreach (QString entityName, entities.keys()) { +- for (int i = 0; i < value.size() && i != -1; ) { +- i = value.indexOf(entityName, i); +- if (i != -1) { +- // The entityName we're currently trying to find +- // was matched in this string; increase our count. +- ++referencedEntityCounts[entityName]; +- i += entityName.size(); ++ QMap<QString, int> literalEntitySizes; ++ // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (int>) times. ++ QMap<QString, QMap<QString, int> > referencesToOtherEntities; ++ QMap<QString, int> expandedSizes; ++ ++ // For every entity, check how many times all entity names were referenced in its value. ++ foreach (QString toSearch, entities.keys()) { ++ // The amount of characters that weren't entity names, but literals, like 'X'. ++ QString leftOvers = entities.value(toSearch); ++ // How many times was entityName referenced by toSearch? ++ foreach (QString entityName, entities.keys()) { ++ for (int i = 0; i < leftOvers.size() && i != -1; ) { ++ i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i); ++ if (i != -1) { ++ leftOvers.remove(i, entityName.size() + 2); ++ // The entityName we're currently trying to find was matched in this string; increase our count. ++ ++referencesToOtherEntities[toSearch][entityName]; ++ } + } + } ++ literalEntitySizes[toSearch] = leftOvers.size(); + } + +- foreach (QString entityName, referencedEntityCounts.keys()) { +- const int timesReferenced = referencedEntityCounts[entityName]; +- const QString entityValue = entities[entityName]; +- if (entityValue.size() * timesReferenced > 1024) { ++ foreach (QString entity, referencesToOtherEntities.keys()) { ++ expandedSizes[entity] = literalEntitySizes[entity]; ++ foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) { ++ const int references = referencesToOtherEntities.value(entity).value(referenceTo); ++ // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size. ++ expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references; ++ } ++ ++ if (expandedSizes[entity] > entityCharacterLimit) { + if (errorMessage) { +- *errorMessage = QString::fromLatin1("The XML entity \"%1\"" +- "expands too a string that is too large to process when " +- "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced); ++ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3)."); ++ *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit); + } + return true; + } +@@ -6764,10 +6778,7 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl() + case EValue: + if ( !entityExist(name())) { + QString errorMessage; +- if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) { +- // The entity at entityName is entityValue.size() characters +- // long in its unexpanded form, and was mentioned timesReferenced times, +- // resulting in a string that would be greater than 1024 characters. ++ if (isExpandedEntityValueTooLarge(&errorMessage)) { + reportParseError(errorMessage); + return false; + } +-- +1.8.5.2 + diff --git a/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch b/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch new file mode 100644 index 000000000000..0fcc1fa6561d --- /dev/null +++ b/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch @@ -0,0 +1,81 @@ +From 267feb2de49eed0823ca0c29f1cd5238537c7116 Mon Sep 17 00:00:00 2001 +From: Jan-Marek Glogowski <glogow@fbihome.de> +Date: Thu, 6 Mar 2014 18:44:43 +0100 +Subject: Honor ExcludeSocketNotifiers in glib event loop + +Implements QEventLoop::ExcludeSocketNotifiers in the same way +QEventLoop::X11ExcludeTimers is already implemented for the glib +event loop. + +This prevents crashes when QClipboard checks for clipboard events +and + qApp->clipboard()->setProperty( "useEventLoopWhenWaiting", true ); +is set. + +Task-number: QTBUG-34614 +Task-number: QTBUG-37380 + +Change-Id: Id4e2a74c6bdf8c3b439a4e3813d24d11368b607d +--- + src/corelib/kernel/qeventdispatcher_glib.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/corelib/kernel/qeventdispatcher_glib.cpp b/src/corelib/kernel/qeventdispatcher_glib.cpp +index 0b0e308..ba522fa 100644 +--- a/src/corelib/kernel/qeventdispatcher_glib.cpp ++++ b/src/corelib/kernel/qeventdispatcher_glib.cpp +@@ -65,6 +65,7 @@ struct GPollFDWithQSocketNotifier + struct GSocketNotifierSource + { + GSource source; ++ QEventLoop::ProcessEventsFlags processEventsFlags; + QList<GPollFDWithQSocketNotifier *> pollfds; + }; + +@@ -80,6 +81,9 @@ static gboolean socketNotifierSourceCheck(GSource *source) + GSocketNotifierSource *src = reinterpret_cast<GSocketNotifierSource *>(source); + + bool pending = false; ++ if (src->processEventsFlags & QEventLoop::ExcludeSocketNotifiers) ++ return pending; ++ + for (int i = 0; !pending && i < src->pollfds.count(); ++i) { + GPollFDWithQSocketNotifier *p = src->pollfds.at(i); + +@@ -103,6 +107,9 @@ static gboolean socketNotifierSourceDispatch(GSource *source, GSourceFunc, gpoin + QEvent event(QEvent::SockAct); + + GSocketNotifierSource *src = reinterpret_cast<GSocketNotifierSource *>(source); ++ if (src->processEventsFlags & QEventLoop::ExcludeSocketNotifiers) ++ return true; ++ + for (int i = 0; i < src->pollfds.count(); ++i) { + GPollFDWithQSocketNotifier *p = src->pollfds.at(i); + +@@ -331,6 +338,7 @@ QEventDispatcherGlibPrivate::QEventDispatcherGlibPrivate(GMainContext *context) + reinterpret_cast<GSocketNotifierSource *>(g_source_new(&socketNotifierSourceFuncs, + sizeof(GSocketNotifierSource))); + (void) new (&socketNotifierSource->pollfds) QList<GPollFDWithQSocketNotifier *>(); ++ socketNotifierSource->processEventsFlags = QEventLoop::AllEvents; + g_source_set_can_recurse(&socketNotifierSource->source, true); + g_source_attach(&socketNotifierSource->source, mainContext); + +@@ -416,6 +424,7 @@ bool QEventDispatcherGlib::processEvents(QEventLoop::ProcessEventsFlags flags) + // tell postEventSourcePrepare() and timerSource about any new flags + QEventLoop::ProcessEventsFlags savedFlags = d->timerSource->processEventsFlags; + d->timerSource->processEventsFlags = flags; ++ d->socketNotifierSource->processEventsFlags = flags; + + if (!(flags & QEventLoop::EventLoopExec)) { + // force timers to be sent at normal priority +@@ -427,6 +436,7 @@ bool QEventDispatcherGlib::processEvents(QEventLoop::ProcessEventsFlags flags) + result = g_main_context_iteration(d->mainContext, canWait); + + d->timerSource->processEventsFlags = savedFlags; ++ d->socketNotifierSource->processEventsFlags = savedFlags; + + if (canWait) + emit awake(); +-- +2.0.0 + diff --git a/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch b/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch new file mode 100644 index 000000000000..b464c926b0e1 --- /dev/null +++ b/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch @@ -0,0 +1,12 @@ +Index: qt-everywhere-opensource-src-4.8.9999/src/tools/moc/main.cpp +=================================================================== +--- qt-everywhere-opensource-src-4.8.9999.orig/src/tools/moc/main.cpp ++++ qt-everywhere-opensource-src-4.8.9999/src/tools/moc/main.cpp +@@ -190,6 +190,7 @@ int runMoc(int _argc, char **_argv) + + // Workaround a bug while parsing the boost/type_traits/has_operator.hpp header. See QTBUG-22829 + pp.macros["BOOST_TT_HAS_OPERATOR_HPP_INCLUDED"]; ++ pp.macros["BOOST_LEXICAL_CAST_INCLUDED"]; + + QByteArray filename; + QByteArray output; diff --git a/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch b/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch new file mode 100644 index 000000000000..6d3bf2f2cde2 --- /dev/null +++ b/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch @@ -0,0 +1,94 @@ +--- src/corelib/kernel/qeventdispatcher_glib.cpp.sav 2014-03-28 15:26:37.000000000 +0100 ++++ src/corelib/kernel/qeventdispatcher_glib.cpp 2014-04-24 09:44:09.358659204 +0200 +@@ -255,22 +255,30 @@ struct GPostEventSource + GSource source; + QAtomicInt serialNumber; + int lastSerialNumber; ++ QEventLoop::ProcessEventsFlags processEventsFlags; + QEventDispatcherGlibPrivate *d; + }; + + static gboolean postEventSourcePrepare(GSource *s, gint *timeout) + { ++ GPostEventSource *source = reinterpret_cast<GPostEventSource *>(s); + QThreadData *data = QThreadData::current(); + if (!data) + return false; + ++ QEventLoop::ProcessEventsFlags excludeAllFlags ++ = QEventLoop::ExcludeUserInputEvents ++ | QEventLoop::ExcludeSocketNotifiers ++ | QEventLoop::X11ExcludeTimers; ++ if ((source->processEventsFlags & excludeAllFlags) == excludeAllFlags) ++ return false; ++ + gint dummy; + if (!timeout) + timeout = &dummy; + const bool canWait = data->canWaitLocked(); + *timeout = canWait ? -1 : 0; + +- GPostEventSource *source = reinterpret_cast<GPostEventSource *>(s); + return (!canWait + || (source->serialNumber != source->lastSerialNumber)); + } +@@ -284,8 +292,14 @@ static gboolean postEventSourceDispatch( + { + GPostEventSource *source = reinterpret_cast<GPostEventSource *>(s); + source->lastSerialNumber = source->serialNumber; +- QCoreApplication::sendPostedEvents(); +- source->d->runTimersOnceWithNormalPriority(); ++ QEventLoop::ProcessEventsFlags excludeAllFlags ++ = QEventLoop::ExcludeUserInputEvents ++ | QEventLoop::ExcludeSocketNotifiers ++ | QEventLoop::X11ExcludeTimers; ++ if ((source->processEventsFlags & excludeAllFlags) != excludeAllFlags) { ++ QCoreApplication::sendPostedEvents(); ++ source->d->runTimersOnceWithNormalPriority(); ++ } + return true; // i dunno, george... + } + +@@ -329,6 +343,7 @@ QEventDispatcherGlibPrivate::QEventDispa + postEventSource = reinterpret_cast<GPostEventSource *>(g_source_new(&postEventSourceFuncs, + sizeof(GPostEventSource))); + postEventSource->serialNumber = 1; ++ postEventSource->processEventsFlags = QEventLoop::AllEvents; + postEventSource->d = this; + g_source_set_can_recurse(&postEventSource->source, true); + g_source_attach(&postEventSource->source, mainContext); +@@ -423,6 +438,7 @@ bool QEventDispatcherGlib::processEvents + + // tell postEventSourcePrepare() and timerSource about any new flags + QEventLoop::ProcessEventsFlags savedFlags = d->timerSource->processEventsFlags; ++ d->postEventSource->processEventsFlags = flags; + d->timerSource->processEventsFlags = flags; + d->socketNotifierSource->processEventsFlags = flags; + +@@ -435,6 +451,7 @@ bool QEventDispatcherGlib::processEvents + while (!result && canWait) + result = g_main_context_iteration(d->mainContext, canWait); + ++ d->postEventSource->processEventsFlags = savedFlags; + d->timerSource->processEventsFlags = savedFlags; + d->socketNotifierSource->processEventsFlags = savedFlags; + +--- src/corelib/kernel/qeventdispatcher_unix.cpp.sav 2013-06-07 07:16:52.000000000 +0200 ++++ src/corelib/kernel/qeventdispatcher_unix.cpp 2014-04-24 09:43:06.927589535 +0200 +@@ -905,7 +905,15 @@ bool QEventDispatcherUNIX::processEvents + + // we are awake, broadcast it + emit awake(); +- QCoreApplicationPrivate::sendPostedEvents(0, 0, d->threadData); ++ ++ QEventLoop::ProcessEventsFlags excludeAllFlags ++ = QEventLoop::ExcludeUserInputEvents ++ | QEventLoop::ExcludeSocketNotifiers ++ | QEventLoop::X11ExcludeTimers; ++ if ((flags & excludeAllFlags) == excludeAllFlags) ++ return false; ++ if(( flags & excludeAllFlags ) != excludeAllFlags ) ++ QCoreApplicationPrivate::sendPostedEvents(0, 0, d->threadData); + + int nevents = 0; + const bool canWait = (d->threadData->canWaitLocked() diff --git a/dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch b/dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch new file mode 100644 index 000000000000..1d83caa3a260 --- /dev/null +++ b/dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch @@ -0,0 +1,431 @@ +From fa81aa6d027049e855b76f5408586a288f160575 Mon Sep 17 00:00:00 2001 +From: Markus Goetz <markus@woboq.com> +Date: Tue, 28 Apr 2015 11:57:36 +0200 +Subject: QNAM: Fix upload corruptions when server closes connection + +This patch fixes several upload corruptions if the server closes the connection +while/before we send data into it. They happen inside multiple places in the HTTP +layer and are explained in the comments. +Corruptions are: +* The upload byte device has an in-flight signal with pending upload data, if +it gets reset (because server closes the connection) then the re-send of the +request was sometimes taking this stale in-flight pending upload data. +* Because some signals were DirectConnection and some were QueuedConnection, there +was a chance that a direct signal overtakes a queued signal. The state machine +then sent data down the socket which was buffered there (and sent later) although +it did not match the current state of the state machine when it was actually sent. +* A socket was seen as being able to have requests sent even though it was not +encrypted yet. This relates to the previous corruption where data is stored inside +the socket's buffer and then sent later. + +The included auto test produces all fixed corruptions, I detected no regressions +via the other tests. +This code also adds a bit of sanity checking to protect from possible further +problems. + +[ChangeLog][QtNetwork] Fix HTTP(s) upload corruption when server closes connection + +(cherry picked from commit qtbase/cff39fba10ffc10ee4dcfdc66ff6528eb26462d3) +Change-Id: I9793297be6cf3edfb75b65ba03b65f7a133ef194 +Reviewed-by: Richard J. Moore <rich@kde.org> +--- + src/corelib/io/qnoncontiguousbytedevice.cpp | 19 +++ + src/corelib/io/qnoncontiguousbytedevice_p.h | 4 + + .../access/qhttpnetworkconnectionchannel.cpp | 47 +++++- + src/network/access/qhttpthreaddelegate_p.h | 36 ++++- + src/network/access/qnetworkaccesshttpbackend.cpp | 24 ++- + src/network/access/qnetworkaccesshttpbackend_p.h | 5 +- + tests/auto/qnetworkreply/tst_qnetworkreply.cpp | 174 ++++++++++++++++++++- + 7 files changed, 280 insertions(+), 29 deletions(-) + +diff --git a/src/corelib/io/qnoncontiguousbytedevice.cpp b/src/corelib/io/qnoncontiguousbytedevice.cpp +index bf58eee..1a0591e 100644 +--- a/src/corelib/io/qnoncontiguousbytedevice.cpp ++++ b/src/corelib/io/qnoncontiguousbytedevice.cpp +@@ -245,6 +245,12 @@ qint64 QNonContiguousByteDeviceByteArrayImpl::size() + return byteArray->size(); + } + ++qint64 QNonContiguousByteDeviceByteArrayImpl::pos() ++{ ++ return currentPosition; ++} ++ ++ + QNonContiguousByteDeviceRingBufferImpl::QNonContiguousByteDeviceRingBufferImpl(QSharedPointer<QRingBuffer> rb) + : QNonContiguousByteDevice(), currentPosition(0) + { +@@ -296,6 +302,11 @@ qint64 QNonContiguousByteDeviceRingBufferImpl::size() + return ringBuffer->size(); + } + ++qint64 QNonContiguousByteDeviceRingBufferImpl::pos() ++{ ++ return currentPosition; ++} ++ + QNonContiguousByteDeviceIoDeviceImpl::QNonContiguousByteDeviceIoDeviceImpl(QIODevice *d) + : QNonContiguousByteDevice(), + currentReadBuffer(0), currentReadBufferSize(16*1024), +@@ -415,6 +426,14 @@ qint64 QNonContiguousByteDeviceIoDeviceImpl::size() + return device->size() - initialPosition; + } + ++qint64 QNonContiguousByteDeviceIoDeviceImpl::pos() ++{ ++ if (device->isSequential()) ++ return -1; ++ ++ return device->pos(); ++} ++ + QByteDeviceWrappingIoDevice::QByteDeviceWrappingIoDevice(QNonContiguousByteDevice *bd) : QIODevice((QObject*)0) + { + byteDevice = bd; +diff --git a/src/corelib/io/qnoncontiguousbytedevice_p.h b/src/corelib/io/qnoncontiguousbytedevice_p.h +index b6966eb..d1a99a1 100644 +--- a/src/corelib/io/qnoncontiguousbytedevice_p.h ++++ b/src/corelib/io/qnoncontiguousbytedevice_p.h +@@ -69,6 +69,7 @@ public: + virtual const char* readPointer(qint64 maximumLength, qint64 &len) = 0; + virtual bool advanceReadPointer(qint64 amount) = 0; + virtual bool atEnd() = 0; ++ virtual qint64 pos() { return -1; } + virtual bool reset() = 0; + void disableReset(); + bool isResetDisabled() { return resetDisabled; } +@@ -108,6 +109,7 @@ public: + bool atEnd(); + bool reset(); + qint64 size(); ++ qint64 pos(); + protected: + QByteArray* byteArray; + qint64 currentPosition; +@@ -123,6 +125,7 @@ public: + bool atEnd(); + bool reset(); + qint64 size(); ++ qint64 pos(); + protected: + QSharedPointer<QRingBuffer> ringBuffer; + qint64 currentPosition; +@@ -140,6 +143,7 @@ public: + bool atEnd(); + bool reset(); + qint64 size(); ++ qint64 pos(); + protected: + QIODevice* device; + QByteArray* currentReadBuffer; +diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp +index 550e090..db2f712 100644 +--- a/src/network/access/qhttpnetworkconnectionchannel.cpp ++++ b/src/network/access/qhttpnetworkconnectionchannel.cpp +@@ -107,15 +107,19 @@ void QHttpNetworkConnectionChannel::init() + socket->setProxy(QNetworkProxy::NoProxy); + #endif + ++ // We want all signals (except the interactive ones) be connected as QueuedConnection ++ // because else we're falling into cases where we recurse back into the socket code ++ // and mess up the state. Always going to the event loop (and expecting that when reading/writing) ++ // is safer. + QObject::connect(socket, SIGNAL(bytesWritten(qint64)), + this, SLOT(_q_bytesWritten(qint64)), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + QObject::connect(socket, SIGNAL(connected()), + this, SLOT(_q_connected()), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + QObject::connect(socket, SIGNAL(readyRead()), + this, SLOT(_q_readyRead()), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + + // The disconnected() and error() signals may already come + // while calling connectToHost(). +@@ -144,13 +148,13 @@ void QHttpNetworkConnectionChannel::init() + // won't be a sslSocket if encrypt is false + QObject::connect(sslSocket, SIGNAL(encrypted()), + this, SLOT(_q_encrypted()), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + QObject::connect(sslSocket, SIGNAL(sslErrors(QList<QSslError>)), + this, SLOT(_q_sslErrors(QList<QSslError>)), + Qt::DirectConnection); + QObject::connect(sslSocket, SIGNAL(encryptedBytesWritten(qint64)), + this, SLOT(_q_encryptedBytesWritten(qint64)), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + } + #endif + } +@@ -163,7 +167,8 @@ void QHttpNetworkConnectionChannel::close() + else + state = QHttpNetworkConnectionChannel::ClosingState; + +- socket->close(); ++ if (socket) ++ socket->close(); + } + + +@@ -280,6 +285,14 @@ bool QHttpNetworkConnectionChannel::sendRequest() + // nothing to read currently, break the loop + break; + } else { ++ if (written != uploadByteDevice->pos()) { ++ // Sanity check. This was useful in tracking down an upload corruption. ++ qWarning() << "QHttpProtocolHandler: Internal error in sendRequest. Expected to write at position" << written << "but read device is at" << uploadByteDevice->pos(); ++ Q_ASSERT(written == uploadByteDevice->pos()); ++ connection->d_func()->emitReplyError(socket, reply, QNetworkReply::ProtocolFailure); ++ return false; ++ } ++ + qint64 currentWriteSize = socket->write(readPointer, currentReadSize); + if (currentWriteSize == -1 || currentWriteSize != currentReadSize) { + // socket broke down +@@ -639,6 +652,14 @@ bool QHttpNetworkConnectionChannel::ensureConnection() + } + return false; + } ++ ++ // This code path for ConnectedState ++ if (pendingEncrypt) { ++ // Let's only be really connected when we have received the encrypted() signal. Else the state machine seems to mess up ++ // and corrupt the things sent to the server. ++ return false; ++ } ++ + return true; + } + +@@ -980,6 +1001,13 @@ void QHttpNetworkConnectionChannel::_q_readyRead() + void QHttpNetworkConnectionChannel::_q_bytesWritten(qint64 bytes) + { + Q_UNUSED(bytes); ++ ++ if (ssl) { ++ // In the SSL case we want to send data from encryptedBytesWritten signal since that one ++ // is the one going down to the actual network, not only into some SSL buffer. ++ return; ++ } ++ + // bytes have been written to the socket. write even more of them :) + if (isSocketWriting()) + sendRequest(); +@@ -1029,7 +1057,7 @@ void QHttpNetworkConnectionChannel::_q_connected() + + // ### FIXME: if the server closes the connection unexpectedly, we shouldn't send the same broken request again! + //channels[i].reconnectAttempts = 2; +- if (!pendingEncrypt) { ++ if (!pendingEncrypt && !ssl) { // FIXME: Didn't work properly with pendingEncrypt only, we should refactor this into an EncrypingState + state = QHttpNetworkConnectionChannel::IdleState; + if (!reply) + connection->d_func()->dequeueRequest(socket); +@@ -1157,7 +1185,10 @@ void QHttpNetworkConnectionChannel::_q_proxyAuthenticationRequired(const QNetwor + + void QHttpNetworkConnectionChannel::_q_uploadDataReadyRead() + { +- sendRequest(); ++ if (reply && state == QHttpNetworkConnectionChannel::WritingState) { ++ // There might be timing issues, make sure to only send upload data if really in that state ++ sendRequest(); ++ } + } + + #ifndef QT_NO_OPENSSL +diff --git a/src/network/access/qhttpthreaddelegate_p.h b/src/network/access/qhttpthreaddelegate_p.h +index 7648325..9dd0deb 100644 +--- a/src/network/access/qhttpthreaddelegate_p.h ++++ b/src/network/access/qhttpthreaddelegate_p.h +@@ -190,6 +190,7 @@ protected: + QByteArray m_dataArray; + bool m_atEnd; + qint64 m_size; ++ qint64 m_pos; // to match calls of haveDataSlot with the expected position + public: + QNonContiguousByteDeviceThreadForwardImpl(bool aE, qint64 s) + : QNonContiguousByteDevice(), +@@ -197,7 +198,8 @@ public: + m_amount(0), + m_data(0), + m_atEnd(aE), +- m_size(s) ++ m_size(s), ++ m_pos(0) + { + } + +@@ -205,6 +207,11 @@ public: + { + } + ++ qint64 pos() ++ { ++ return m_pos; ++ } ++ + const char* readPointer(qint64 maximumLength, qint64 &len) + { + if (m_amount > 0) { +@@ -232,11 +239,10 @@ public: + + m_amount -= a; + m_data += a; ++ m_pos += a; + +- // To main thread to inform about our state +- emit processedData(a); +- +- // FIXME possible optimization, already ask user thread for some data ++ // To main thread to inform about our state. The m_pos will be sent as a sanity check. ++ emit processedData(m_pos, a); + + return true; + } +@@ -253,10 +259,21 @@ public: + { + m_amount = 0; + m_data = 0; ++ m_dataArray.clear(); ++ ++ if (wantDataPending) { ++ // had requested the user thread to send some data (only 1 in-flight at any moment) ++ wantDataPending = false; ++ } + + // Communicate as BlockingQueuedConnection + bool b = false; + emit resetData(&b); ++ if (b) { ++ // the reset succeeded, we're at pos 0 again ++ m_pos = 0; ++ // the HTTP code will anyway abort the request if !b. ++ } + return b; + } + +@@ -267,8 +284,13 @@ public: + + public slots: + // From user thread: +- void haveDataSlot(QByteArray dataArray, bool dataAtEnd, qint64 dataSize) ++ void haveDataSlot(qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize) + { ++ if (pos != m_pos) { ++ // Sometimes when re-sending a request in the qhttpnetwork* layer there is a pending haveData from the ++ // user thread on the way to us. We need to ignore it since it is the data for the wrong(later) chunk. ++ return; ++ } + wantDataPending = false; + + m_dataArray = dataArray; +@@ -288,7 +310,7 @@ signals: + + // to main thread: + void wantData(qint64); +- void processedData(qint64); ++ void processedData(qint64 pos, qint64 amount); + void resetData(bool *b); + }; + +diff --git a/src/network/access/qnetworkaccesshttpbackend.cpp b/src/network/access/qnetworkaccesshttpbackend.cpp +index cc67258..fe2f627 100644 +--- a/src/network/access/qnetworkaccesshttpbackend.cpp ++++ b/src/network/access/qnetworkaccesshttpbackend.cpp +@@ -193,6 +193,7 @@ QNetworkAccessHttpBackendFactory::create(QNetworkAccessManager::Operation op, + QNetworkAccessHttpBackend::QNetworkAccessHttpBackend() + : QNetworkAccessBackend() + , statusCode(0) ++ , uploadByteDevicePosition(false) + , pendingDownloadDataEmissions(new QAtomicInt()) + , pendingDownloadProgressEmissions(new QAtomicInt()) + , loadingFromCache(false) +@@ -610,9 +611,9 @@ void QNetworkAccessHttpBackend::postRequest() + forwardUploadDevice->setParent(delegate); // needed to make sure it is moved on moveToThread() + delegate->httpRequest.setUploadByteDevice(forwardUploadDevice); + +- // From main thread to user thread: +- QObject::connect(this, SIGNAL(haveUploadData(QByteArray, bool, qint64)), +- forwardUploadDevice, SLOT(haveDataSlot(QByteArray, bool, qint64)), Qt::QueuedConnection); ++ // From user thread to http thread: ++ QObject::connect(this, SIGNAL(haveUploadData(qint64,QByteArray,bool,qint64)), ++ forwardUploadDevice, SLOT(haveDataSlot(qint64,QByteArray,bool,qint64)), Qt::QueuedConnection); + QObject::connect(uploadByteDevice.data(), SIGNAL(readyRead()), + forwardUploadDevice, SIGNAL(readyRead()), + Qt::QueuedConnection); +@@ -620,8 +621,8 @@ void QNetworkAccessHttpBackend::postRequest() + // From http thread to user thread: + QObject::connect(forwardUploadDevice, SIGNAL(wantData(qint64)), + this, SLOT(wantUploadDataSlot(qint64))); +- QObject::connect(forwardUploadDevice, SIGNAL(processedData(qint64)), +- this, SLOT(sentUploadDataSlot(qint64))); ++ QObject::connect(forwardUploadDevice,SIGNAL(processedData(qint64, qint64)), ++ this, SLOT(sentUploadDataSlot(qint64,qint64))); + connect(forwardUploadDevice, SIGNAL(resetData(bool*)), + this, SLOT(resetUploadDataSlot(bool*)), + Qt::BlockingQueuedConnection); // this is the only one with BlockingQueued! +@@ -915,12 +916,21 @@ void QNetworkAccessHttpBackend::replySslConfigurationChanged(const QSslConfigura + void QNetworkAccessHttpBackend::resetUploadDataSlot(bool *r) + { + *r = uploadByteDevice->reset(); ++ if (*r) { ++ // reset our own position which is used for the inter-thread communication ++ uploadByteDevicePosition = 0; ++ } + } + + // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread +-void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 amount) ++void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 pos, qint64 amount) + { ++ if (uploadByteDevicePosition + amount != pos) { ++ // Sanity check, should not happen. ++ error(QNetworkReply::UnknownNetworkError, ""); ++ } + uploadByteDevice->advanceReadPointer(amount); ++ uploadByteDevicePosition += amount; + } + + // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread +@@ -933,7 +943,7 @@ void QNetworkAccessHttpBackend::wantUploadDataSlot(qint64 maxSize) + QByteArray dataArray(data, currentUploadDataLength); + + // Communicate back to HTTP thread +- emit haveUploadData(dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size()); ++ emit haveUploadData(uploadByteDevicePosition, dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size()); + } + + /* +diff --git a/src/network/access/qnetworkaccesshttpbackend_p.h b/src/network/access/qnetworkaccesshttpbackend_p.h +index 13519c6..b4ed67c 100644 +--- a/src/network/access/qnetworkaccesshttpbackend_p.h ++++ b/src/network/access/qnetworkaccesshttpbackend_p.h +@@ -112,7 +112,7 @@ signals: + + void startHttpRequestSynchronously(); + +- void haveUploadData(QByteArray dataArray, bool dataAtEnd, qint64 dataSize); ++ void haveUploadData(const qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize); + private slots: + // From HTTP thread: + void replyDownloadData(QByteArray); +@@ -129,13 +129,14 @@ private slots: + // From QNonContiguousByteDeviceThreadForwardImpl in HTTP thread: + void resetUploadDataSlot(bool *r); + void wantUploadDataSlot(qint64); +- void sentUploadDataSlot(qint64); ++ void sentUploadDataSlot(qint64, qint64); + + bool sendCacheContents(const QNetworkCacheMetaData &metaData); + + private: + QHttpNetworkRequest httpRequest; // There is also a copy in the HTTP thread + int statusCode; ++ qint64 uploadByteDevicePosition; + QString reasonPhrase; + // Will be increased by HTTP thread: + QSharedPointer<QAtomicInt> pendingDownloadDataEmissions; + |