Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-106024

[QAxServerBase::Invoke] ActiveQt should only call the dispatch method if the types match

    XMLWordPrintable

Details

    • Windows

    Description

      ActiveQt is blindly smashing any Qt::Usertype compatible object (including any IUnknown, IDispatch, etc.) into a void pointer and passing it into the dispatch method.

      Pointer smashing in this way might even be considered a security vulnerability, which could allow an arbitrary code execution.

      https://github.com/qt/qtactiveqt/blob/9771bfaf97939203c014def6cfab2a9e8f043745/src/activeqt/control/qaxserverbase.cpp#L2442-L2447

      ActiveQt should only call the dispatch method if the types match – ActiveQt already knows the ptype, and if the ptype doesn't match the signature of the method we're going to call, then ActiveQt should fail the call with ERROR_INVALID_PARAMETER or something.

      In a case, a dispatch method received the QAxServerBase class, the wrong type entirely, instead of being rejected.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-106014 ActiveQt fails to handle VT_UNKNOWN

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              vhilshei Volker Hilsheimer
              nagrohn Nahomi Gröhn (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes