Details
-
Bug
-
Resolution: Fixed
-
P2: Important
-
5.15
-
None
-
-
e696bec76 (dev), 60d60dba7 (6.7), 06618fbeb (6.6), b7792d9b8 (tqtc/lts-6.5)
Description
When reading a QByteArray from QDataStream, the data stream first reads 4 bytes indicating the byte array payload size. It then attempts to allocate memory with the given size. In the case of reading from corrupted data, it may throw a std::bad_alloc exception due to an invalid size being read. It is better to limit the maximum allocation size and discard the allocations greater than defined maximum.
Attachments
For Gerrit Dashboard: QTBUG-120012 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
525065,3 | QDataStream & QResource: document their lack of security-hardening | dev | qt/qtbase | Status: MERGED | +2 | 0 |
527201,2 | QDataStream & QResource: document their lack of security-hardening | 6.7 | qt/qtbase | Status: MERGED | +2 | 0 |
527292,2 | QDataStream & QResource: document their lack of security-hardening | 6.6 | qt/qtbase | Status: MERGED | +2 | 0 |
527320,2 | QDataStream & QResource: document their lack of security-hardening | tqtc/lts-6.5 | qt/tqtc-qtbase | Status: MERGED | +2 | 0 |