Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P2: Important
Fix Version/s: 6.5.4, 6.6.2, 6.7.0 Beta2, 6.8.0 FF
Affects Version/s: 5.15
Component/s: Documentation
Labels:
None

Platform/s:

Linux/X11
Commits:
e696bec76 (dev), 60d60dba7 (6.7), 06618fbeb (6.6), b7792d9b8 (tqtc/lts-6.5)

Description

When reading a QByteArray from QDataStream, the data stream first reads 4 bytes indicating the byte array payload size. It then attempts to allocate memory with the given size. In the case of reading from corrupted data, it may throw a std::bad_alloc exception due to an invalid size being read. It is better to limit the maximum allocation size and discard the allocations greater than defined maximum.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Thiago Macieira

Reporter:: ali mosawi

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 12 Dec '23 07:00

Updated:: 22 Dec '23 12:34

Resolved:: 21 Dec '23 14:40

Gerrit Reviews

There are no open Gerrit changes

Show There are 4 closed Gerrit changes

Hide There are 4 closed Gerrit changes

QDataStream & QResource: document their lack of security-hardening: Gerrit Review:

QDataStream & QResource: document their lack of security-hardening: Gerrit Review:

QDataStream & QResource: document their lack of security-hardening: Gerrit Review:

QDataStream & QResource: document their lack of security-hardening: Gerrit Review: