Qt / QTBUG-127398

write_xbm_image doesn't sanitize fileName argument

Details

    • Bug
    • Resolution: Unresolved
    • P3: Somewhat important
    • None
    • 5.15.17, 6.0.4, 6.1.3, 6.2.12, 6.3.2, 6.4.3, 6.5.6, 6.6.3, 6.7.2, 6.8.0 Beta2
    • Image formats
    • None

    Description

      The write_xbm_image() function assumes that the filename is a C-compatible identifier:

      qsnprintf(buf, msize, "#define %s_width %d\n", fileName.toUtf8().data(), image.width());
      

      The file name seems to be set using options, so could be anything.

      I don't know how the XBM format is defined, but at least a file name containing "meep_width 1000000\n#define ignoreme" looks like it will produce an ill-formed output file.
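
      The failure described above and one possible fix, as an added example that is not Qt's code and not part of the report: it builds the `#define` lines in the shape of the quoted qsnprintf() call, with and without mapping the name to a C identifier. The function names, the `_height` line (assumed from the usual XBM header layout) and the replace-with-underscore policy are assumptions.

```cpp
#include <cstdio>
#include <sstream>
#include <string>

// Map arbitrary bytes to a C identifier ([A-Za-z_][A-Za-z0-9_]*); any other byte becomes '_'.
std::string to_c_identifier(const std::string &name)
{
    std::string id;
    for (unsigned char c : name) {
        const bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                     || (c >= '0' && c <= '9') || c == '_';
        id += ok ? static_cast<char>(c) : '_';
    }
    if (id.empty() || (id[0] >= '0' && id[0] <= '9'))
        id.insert(id.begin(), '_');
    return id;
}

// Header lines in the shape of the quoted call; the _height line is an assumption.
std::string xbm_defines(const std::string &name, int w, int h, bool sanitize)
{
    const std::string n = sanitize ? to_c_identifier(name) : name;
    return "#define " + n + "_width " + std::to_string(w) + "\n"
         + "#define " + n + "_height " + std::to_string(h) + "\n";
}

// Well formed here means: exactly two lines, each "#define <token> <value>".
bool well_formed(const std::string &header)
{
    std::istringstream in(header);
    std::string line;
    int lines = 0;
    while (std::getline(in, line)) {
        std::istringstream fields(line);
        std::string kw, ident, value, extra;
        if (!(fields >> kw >> ident >> value) || (fields >> extra) || kw != "#define")
            return false;
        ++lines;
    }
    return lines == 2;
}

int main()
{
    const std::string name = "meep_width 1000000\n#define ignoreme"; // string quoted in the report
    std::printf("%s---\n%s", xbm_defines(name, 8, 8, false).c_str(), xbm_defines(name, 8, 8, true).c_str());
    return well_formed(xbm_defines(name, 8, 8, true)) ? 0 : 1;
}
```

      With the unchecked name, each intended line splits in two and the first half redefines `meep_width`; with the mapped name the header stays at two lines.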

          People

            vgt Eirik Aavitsland
            mmutz Marc Mutz