Qt: QTBUG-43513

QXmlStreamReader infinite loop with specially crafted input


Details

    • Type: Bug
    • Resolution: Done
    • Priority: P3: Somewhat important
    • Fix Version: 5.4.1
    • Affects Versions: 4.8.6, 5.3.2, 5.4.0
    • Environment: Debian/Jessie amd64 with qt-4.8.6 and qt-5.3.2;
      OpenBSD-current amd64 with qt-4.8.6
    • Commit: 817800ad39df10ca78e2c965a61d4d2025df622b

    Description

      With specially crafted input (found with afl), QXmlStreamReader gets into an infinite loop consuming 100% CPU. To reproduce, compile the attached reader.cc and run it like this:

      ./reader input.xml

      The second call to reader.readNext() won't return and enters an infinite loop.

      When running in gdb and interrupted, the backtrace looks like this:

      (gdb) bt
      #0 0x00001dc2d8b9ae23 in QXmlStreamReaderPrivate::scanUntil () from /usr/local/lib/libQtCore.so.9.0
      #1 0x00001dc2d8ba0c00 in QXmlStreamReaderPrivate::parse () from /usr/local/lib/libQtCore.so.9.0
      #2 0x00001dc2d8ba5279 in QXmlStreamReader::readNext () from /usr/local/lib/libQtCore.so.9.0
      #3 0x00001dc0a2b01935 in main () from /home/ralf/dev/qt/reader

      Attachments

        1. input.xml (0.1 kB, Ralf Horstmann)
        2. reader.cc (0.3 kB, Ralf Horstmann)
        3. reader.pro (0.0 kB, Ralf Horstmann)

        People

          thiago Thiago Macieira
          ralfh Ralf Horstmann
