Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-129777

TOCTOU in QTranslator::load()'s helper find_translation()

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 4.8.0, 6.8.0, 6.9
    • Core: Locales (i18n)
    • None
    • All
    • c41aa8961 (dev)

    Description

      The QTranslator::load(const QLocale &, const QString &, const QString &, const QString &, const QString &) overload calls a find_translation() helper that returns the name of a selected file, which load() passes off to do_load(). Between find_translation() calling to is_readable_file() and do_load() actually opening the file, the reality on disk may have changed, making this a classic example of a TOCTOU (time of choice / time of use) error.

      The return from find_translation() should be an open QFile that load() passes to a new overload of do_load() that picks up where the present do_load(const QString &, const QString &) gets round to opening a QFile . Alternatively, find_translation() could call do_load() and return its status.

      Noticed by thiago in a related review.

      Attachments

        For Gerrit Dashboard: QTBUG-129777
        # Subject Branch Project Status CR V
        597027,6 QTranslator: refactor loading translation files dev qt/qtbase Status: MERGED +2 -1

        Activity

          People

            ahmad.samir Ahmad Samir
            Eddy Edward Welbourne
            Kai Köhne Kai Köhne
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes