Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
None
-
5.0.0 RC 1
-
None
-
70f3c78218c59d1029ea47d1b4fcc869a747f268
Description
There is a potential buffer overflow bug in src/plugins/platforms/xcb/qxcbwindow.cpp.
The code uses a fixed-length array in stack to construct a buffer that can have varying number of elements. The array has length of 4, but in certain conditions, up to 5 elements can be written, causing stack corruption.
Attached is a patch for current qtbase HEAD.