Details
- Suggestion
- Resolution: Unresolved
- P2: Important
Description
We currently document¹ that you shan't use QDataStream for untrusted input, but that fails the reality check. QDataStream is used in QSettings, e.g., where user code cannot possibly check input before it's passed to QDataStream. And if users are asked to open a file containing QDataStream'ed content, it may just be in the wrong format. QDataStream must not explode in these circumstances, documented or not.
So we should add global and local limits on e.g. the amount of memory allocated, the size of containers being de/serialized, or the depth of recursion², etc., to protect the implementation against exhaustion of hardware resources.
This still means Garbage In, Garbage Out, but we should never, ever, run into UB or exceed these limits when they're set, thereby ensuring that the app will be able to survive even if presented with files of the wrong format, or random data.
¹ https://doc.qt.io/qt-6/qdatastream.html#corruption-and-security
² independently of any limit, we should never use recursion to read a data structure, and we should avoid it for writing, too
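An added illustration of the limits proposed above (this is plain C++ written for this page, not Qt code and not from the issue): a reader for a constructed QDataStream-like big-endian format that rejects a declared container size before acting on it, caps the total number of decoded elements, and tracks nesting on an explicit stack instead of recursing. The names kMaxElements, kMaxDepth, Reader, readTree, encode and chain, the cap values and the node wire format are all assumptions of this example.

```cpp
#include <cstdint>
#include <optional>
#include <vector>
// Caps standing in for the proposed global limits (constructed values for this example).
constexpr uint32_t kMaxElements = 1u << 20;  // bound on any declared count and on total nodes
constexpr size_t   kMaxDepth    = 32;        // bound on container nesting
// Bounds-checked big-endian reader; mirrors QDataStream's default byte order but is plain C++, not Qt.
struct Reader {
    const std::vector<uint8_t>& buf;
    size_t pos = 0;
    std::optional<uint32_t> u32() {
        if (buf.size() - pos < 4) return std::nullopt;   // truncated input: fail, never read past the end
        uint32_t v = (uint32_t(buf[pos]) << 24) | (uint32_t(buf[pos + 1]) << 16)
                   | (uint32_t(buf[pos + 2]) << 8) | uint32_t(buf[pos + 3]);
        pos += 4; return v;
    }
};
// Constructed wire format: each node is "u32 value, u32 childCount, children...". Returns the number
// of nodes decoded, or nullopt for malformed or over-limit input. Nesting is tracked on an explicit
// stack, so hostile depth cannot overflow the native stack.
std::optional<size_t> readTree(const std::vector<uint8_t>& bytes) {
    Reader r{bytes};
    std::vector<uint32_t> pending{1};   // children still to read, one entry per open level
    size_t nodes = 0;
    while (!pending.empty()) {
        if (pending.back() == 0) { pending.pop_back(); continue; }   // this level is finished
        --pending.back();
        auto value = r.u32(), kids = r.u32();
        if (!value || !kids) return std::nullopt;
        // Validate the declared count before acting on it: a crafted 0xFFFFFFFF is rejected here
        // rather than reaching a reserve()/resize(); the running total of nodes is capped as well.
        if (*kids > kMaxElements || ++nodes > kMaxElements) return std::nullopt;
        if (*kids) {
            if (pending.size() >= kMaxDepth) return std::nullopt;   // nesting limit
            pending.push_back(*kids);
        }
    }
    return nodes;
}
// Sample-input helpers (constructed): big-endian encode u32 words, and build a chain of `depth` nodes
// in which each node has exactly one child.
std::vector<uint8_t> encode(const std::vector<uint32_t>& words) {
    std::vector<uint8_t> out;
    for (uint32_t w : words)
        for (int s = 24; s >= 0; s -= 8) out.push_back(uint8_t(w >> s));
    return out;
}
std::vector<uint8_t> chain(size_t depth) {
    std::vector<uint32_t> words;
    for (size_t i = 0; i < depth; ++i) { words.push_back(uint32_t(i)); words.push_back(i + 1 < depth); }
    return encode(words);
}
```

With these checks a truncated buffer, a huge declared count, or nesting beyond kMaxDepth all return nullopt without allocating or recursing, which is the Garbage In, Garbage Out outcome the issue asks for instead of a crash.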