Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-138520

Harden QTextStream's internal APIs

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • P2: Important
    • None
    • None
    • Core: Serialization
    • None
    • 2
    • 99dd2bb81 (dev), 897567c4e (dev), 5fca6c51c (dev), a9f252cc4 (dev), 6fa8db333 (dev), 98c7e69bc (6.10), 821270975 (6.10)
    • Foundation Sprint 134

    Description

      As a security-critical component, QTextStream should have internal APIs that are hard to abuse. But there are error-prone (ptr, size) functions, which should be using views instead. And there's, in particular, the putString() overload set, which is "dangerous", since it contains (ptr, size, bool=false) and (view, bool) overloads which are prone to incorrectly resolve some (p, n) overloads towards the latter instead of the former (e.g. if the ptr isn't QChar, but something accepted by the view).

      Acceptance criteria:

      • replace (ptr, n) functions with ones taking view
      • either replace the bool parameter by a tag struct, or split putString() into putString() and putNumber().

      Attachments

        Issue Links

          resulted from

          Task - A task that needs to be done. QTBUG-135194 Review qtbase/src/serialization

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; Flaky tests; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-138520
          # Subject Branch Project Status CR V
          662200,1 QTextStreamPrivate: fix a particularly nasty Bool Trap dev qt/qtbase Status: NEW +1 0
          662395,2 QTextStream: prefer QStringView overload of Private::putString() 6.9 qt/qtbase Status: NEW +1 0

          Activity