Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
None
-
5.0.0 RC 1
-
None
-
70f3c78218c59d1029ea47d1b4fcc869a747f268
Description
There is a potential buffer overflow bug in src/plugins/platforms/xcb/qxcbwindow.cpp.
The code uses a fixed-length array in stack to construct a buffer that can have varying number of elements. The array has length of 4, but in certain conditions, up to 5 elements can be written, causing stack corruption.
Attached is a patch for current qtbase HEAD.
Attachments
For Gerrit Dashboard: QTBUG-27123 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
34970,1 | Prevent buffer overflow in QXcbWindow. | master | qt/qtbase | Status: MERGED | +2 | 0 |