- Task
- Resolution: Fixed
- P1: Critical
- None
- None
- 2
- ed3589374 (dev), 37950e7d3 (6.10), f49ba1a6e (dev), 60f215bd5 (6.10), 9ad39d7c9 (6.9), c74308d0f (tqtc/lts-6.8), 80f09dce0 (tqtc/lts-6.5), 6ad47e446 (6.9), e36e4cb12 (tqtc/lts-6.8)
- Foundation Sprint 135, Foundation Sprint 136
The fallback qvsnprintf() function (the one calling QString::asprintf().toLocal8Bit(), used on at least Android and WASM) didn't check that the size of the resulting QByteArray fits into int, and simply truncated it to produce the return value.
This may cause the caller of the function to assume success (res < n) even though the function failed. In particular, it may cause the caller to trust the return value to allocate a buffer and strcpy() the string into it, which, since the NUL byte is at n and not at result, overflows the target buffer.
The function should handle this as POSIX requires: return -1 and set errno to EOVERFLOW (cf. https://pubs.opengroup.org/onlinepubs/9699919799/functions/fprintf.html).
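The following is an added illustration of the two points above, not code from qtbase: a stand-in for the fallback path that formats the whole string first and then copies at most n-1 bytes, refusing with -1/EOVERFLOW when the full length does not fit the int return type, plus the "probe, allocate, format again" caller pattern that the report says would otherwise overflow. The function names (checked_vsnprintf, checked_snprintf, format_alloc) are hypothetical, and the `limit` parameter stands in for INT_MAX so the overflow branch can be exercised without allocating gigabytes.

```cpp
#include <cerrno>
#include <climits>
#include <cstdarg>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical stand-in for the fallback qvsnprintf() path described in the
// report: the text is formatted completely first (as QString::asprintf()
// .toLocal8Bit() yields a whole QByteArray) and only then copied into the
// caller's buffer. `limit` plays the role of INT_MAX here so a test can reach
// the overflow branch cheaply; a real implementation compares against INT_MAX.
int checked_vsnprintf(char *str, size_t n, long limit, const char *fmt, va_list ap)
{
    va_list probe;
    va_copy(probe, ap);
    int needed = std::vsnprintf(nullptr, 0, fmt, probe);
    va_end(probe);
    if (needed < 0)
        return -1;                      // format/encoding error, as C reports it

    std::string full(static_cast<size_t>(needed) + 1, '\0');
    std::vsnprintf(&full[0], full.size(), fmt, ap);
    full.resize(static_cast<size_t>(needed));

    // The defect from the report: returning int(full.size()) silently wraps
    // when the qsizetype-like length exceeds what int can hold. POSIX instead
    // requires -1 with errno == EOVERFLOW, so the caller sees a failure.
    if (static_cast<long>(full.size()) > limit) {
        errno = EOVERFLOW;
        return -1;
    }

    if (n > 0) {
        size_t copy = full.size() < n - 1 ? full.size() : n - 1;
        std::memcpy(str, full.data(), copy);
        str[copy] = '\0';               // NUL always lands inside the buffer
    }
    return static_cast<int>(full.size());
}

int checked_snprintf(char *str, size_t n, long limit, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int res = checked_vsnprintf(str, n, limit, fmt, ap);
    va_end(ap);
    return res;
}

// The caller pattern the report worries about: probe the length with n == 0,
// allocate res + 1 bytes, then format for real. Because an over-long result is
// now reported as failure rather than a truncated count, the allocation is
// never undersized and the second call's NUL stays inside the buffer.
bool format_alloc(std::string &out, long limit, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    va_list again;
    va_copy(again, ap);
    int res = checked_vsnprintf(nullptr, 0, limit, fmt, ap);
    va_end(ap);
    if (res < 0) {
        va_end(again);
        return false;
    }
    std::string buf(static_cast<size_t>(res) + 1, '\0');
    int res2 = checked_vsnprintf(&buf[0], buf.size(), limit, fmt, again);
    va_end(again);
    if (res2 != res)
        return false;
    buf.resize(static_cast<size_t>(res));
    out = buf;
    return true;
}

int main()
{
    char buf[8];
    int r = checked_snprintf(buf, sizeof buf, INT_MAX, "%s", "hello world");
    std::printf("res=%d buf=\"%s\"\n", r, buf);   // res >= n signals truncation

    errno = 0;
    r = checked_snprintf(buf, sizeof buf, 4, "%s", "hello");   // length 5 > limit 4
    std::printf("res=%d errno=%s\n", r, errno == EOVERFLOW ? "EOVERFLOW" : "other");

    std::string s;
    std::printf("format_alloc ok=%d\n", format_alloc(s, 4, "%s", "hello") ? 1 : 0);
    return 0;
}
```

The caller-side check that matters is `res < 0` before trusting `res` as an allocation size; with the truncating return value, that check passes and the buffer is sized from a wrapped number.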
- resulted from: QTBUG-135195 Review qtbase/src/corelib/text (In Progress)
- QTBUG-103531 Finish migration to qsizetype [qtbase/src/corelib/text] (Closed)