From 0f21decf41e052855570d1c7400428911426eec7 Mon Sep 17 00:00:00 2001
From: Ulf Hermann <ulf.hermann@qt.io>
Date: Fri, 8 Sep 2017 14:32:06 +0200
Subject: [PATCH] QmlProfiler: Correctly handle invalid message types

We might get malformed events from the application. Clamp message and
range types into the allowed enum values when reading and reset the
event data when reading an invalid event.

Change-Id: Id76a3a8b8ed9378f9fb1acf15cf46d20758ca030
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
---
 src/plugins/qmlprofiler/qmlprofilertracefile.cpp | 2 +-
 src/plugins/qmlprofiler/qmltypedevent.cpp        | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/plugins/qmlprofiler/qmlprofilertracefile.cpp b/src/plugins/qmlprofiler/qmlprofilertracefile.cpp
index 710461b6565..87f6e89e441 100644
--- a/src/plugins/qmlprofiler/qmlprofilertracefile.cpp
+++ b/src/plugins/qmlprofiler/qmlprofilertracefile.cpp
@@ -108,7 +108,7 @@ static QString qmlTypeAsString(Message message, RangeType rangeType)
 {
     if (rangeType < MaximumRangeType)
         return _(RANGE_TYPE_STRINGS[rangeType]);
-    else if (message != MaximumMessage)
+    else if (message < MaximumMessage)
         return _(MESSAGE_STRINGS[message]);
     else
         return QString::number((int)rangeType);
diff --git a/src/plugins/qmlprofiler/qmltypedevent.cpp b/src/plugins/qmlprofiler/qmltypedevent.cpp
index 58d7aae8d75..30bfeb9b705 100644
--- a/src/plugins/qmlprofiler/qmltypedevent.cpp
+++ b/src/plugins/qmlprofiler/qmltypedevent.cpp
@@ -36,10 +36,15 @@ QDataStream &operator>>(QDataStream &stream, QmlTypedEvent &event)
 
     stream >> time >> messageType;
 
+    if (messageType < 0 || messageType > MaximumMessage)
+        messageType = MaximumMessage;
+
     RangeType rangeType = MaximumRangeType;
     if (!stream.atEnd()) {
         stream >> subtype;
         rangeType = static_cast<RangeType>(subtype);
+        if (rangeType < 0 || rangeType > MaximumRangeType)
+            rangeType = MaximumRangeType;
     } else {
         subtype = -1;
     }
@@ -180,6 +185,7 @@ QDataStream &operator>>(QDataStream &stream, QmlTypedEvent &event)
         break;
     }
     default:
+        event.event.setNumbers<char>({});
         event.type = QmlEventType(static_cast<Message>(messageType), MaximumRangeType, subtype);
         break;
     }