Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-107619

V4: Memory corruption due to unchecked length usage

    XMLWordPrintable

Details

    • 67bb71a051 (qt/qtdeclarative/dev) 67bb71a051 (qt/tqtc-qtdeclarative/dev) f1bcb6c2c6 (qt/qtdeclarative/6.4) f1bcb6c2c6 (qt/tqtc-qtdeclarative/6.4) f1bcb6c2c6 (qt/tqtc-qtdeclarative/tqtc/qtinsight-6.4), 94fd52dbb (tqtc/lts-5.15)

    Description

      We have a few places where we pass the result of getLength() (int64) to Scope::alloc (int). As the result of getLength is user controllable, this can be used to either pass a negative number to alloc, or to allocate huge amounts of memory.

      As QML assumes trusted input, that's not a security issue per se, but it's still a potential crash-bug and needs to be fixed

      Attachments

        For Gerrit Dashboard: QTBUG-107619
        # Subject Branch Project Status CR V

        Activity

          People

            qtqmlteam Qt Qml Team User
            fabiankosmale Fabian Kosmale
            Vladimir Minenko Vladimir Minenko
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews