Qt / QTBUG-28518

Deserializing a QVector from a QDataStream should be defensive

Details

    • Bug
    • Resolution: Unresolved
    • P3: Somewhat important
    • None
    • 4.8.4, 5.0.0 RC 1
    • None

    Description

      The QVector parsing done by QDataStream can be used by a remote process to cause a segmentation fault. High level: specifying a very large size of a very large type, and that the QDataStream is not checked for atEnd. This can be improved in two ways: first, do not resize the QVector; instead, use append. Secondly, check atEnd of s (the QDataStream).

      I think this is really a critical vulnerability and should be addressed and backported immediately.
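
The two read patterns the report contrasts, as an added example that is not Qt's code or the reporter's. It models the stream with a hypothetical `Reader` class over a byte buffer and uses `std::vector<uint32_t>` in place of `QVector<T>`, assuming a wire format of a big-endian 32-bit element count followed by the elements.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for a QDataStream over untrusted bytes (big-endian).
class Reader {
public:
    Reader(const uint8_t* data, size_t len) : p_(data), left_(len), ok_(true) {}
    bool atEnd() const { return left_ == 0; }
    bool ok() const { return ok_; }
    size_t remaining() const { return left_; }
    uint32_t readU32() {
        if (left_ < 4) { ok_ = false; left_ = 0; return 0; }  // short read: flag it, never over-read
        uint32_t v = (uint32_t(p_[0]) << 24) | (uint32_t(p_[1]) << 16) |
                     (uint32_t(p_[2]) << 8) | uint32_t(p_[3]);
        p_ += 4; left_ -= 4;
        return v;
    }
private:
    const uint8_t* p_; size_t left_; bool ok_;
};

// Pattern described in the report: trust the length prefix and resize up front.
// A 4-byte header claiming 0xFFFFFFFF elements sizes the allocation for the sender.
bool readVectorNaive(Reader& r, std::vector<uint32_t>& out) {
    uint32_t claimed = r.readU32();
    out.resize(claimed);                                          // sender-controlled allocation
    for (uint32_t i = 0; i < claimed; ++i) out[i] = r.readU32();  // end of data never checked
    return true;
}

// Defensive form: treat the prefix as a claim, append element by element,
// and stop as soon as the stream runs dry.
bool readVectorDefensive(Reader& r, std::vector<uint32_t>& out) {
    out.clear();
    uint32_t claimed = r.readU32();
    if (!r.ok()) return false;
    // Never reserve more than the bytes actually present could encode.
    out.reserve(std::min<size_t>(claimed, r.remaining() / 4));
    for (uint32_t i = 0; i < claimed; ++i) {
        if (r.atEnd()) return false;   // fewer elements than claimed
        uint32_t v = r.readU32();
        if (!r.ok()) return false;     // truncated element
        out.push_back(v);
    }
    return true;
}
```

With the defensive form, memory use is bounded by the bytes actually received rather than by the count field.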

          People

            Assignee: Unassigned
            Reporter: David Wolinsky (davidiw)
            Votes: 2
            Watchers: 5
