Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-28518

Deserializing a QVector from a QDataStream should be defensive

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: P3: Somewhat important P3: Somewhat important
    • None
    • 4.8.4, 5.0.0 RC 1
    • Core: Containers and Algorithms
    • None

      The QVector parsing done by QDataStream can be used by a remote process to a segmentation fault. High level: specifying a very large size of a very large type and that the QDataStream is not checked for atEnd. This can be improved in two ways: do not resize the QVector instead use append, secondly, check atEnd of s (the QDataStream).

      I think this is really a critical vulnerability and should be addressed and back ported immediately.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Unassigned Unassigned
            davidiw David Wolinsky
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:

                There are no open Gerrit changes