Priority: P3: Somewhat important
Affects Version/s: 6.2.0 Beta2
Fix Version/s: None
Component/s: Core: QString and Unicode
QStringDecoder currently seems to accept any input, including disallowed range U+D800—U+DFFF reserved for UTF-16 surrogates and out of bound characters with codes >= 0x110000. It also accepts non-multiples of 4 without indicating errors (it does produce replacement characters though). Similarly QString's constructed from invalid UCS4 data do not show errors in any.
U+10300 replaces the actual character due to Jira limitations. Note that hasError() always returns false. Changing the decoder flags does not seem to influence that.
For QStrings constructed from the same data I would expect either an empty string produced or one that contain replacement characters.
This simplifies exploiting bugs like