Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.8, 5.15.0 Beta2
Affects Version/s: 5.5.0
Component/s: XML: Stream Reader/Writer
Labels:
None
Environment:
Linux, Windows

Commits:
fd4be84d23a0db4186cb42e736a9de3af722c7f7 (qt/qtbase/dev) f432c08882ffebe5074ea28de871559a98a4d094 (qt/qtbase/5.12.8)

a svg can be made to contain a xml bomb (https://en.wikipedia.org/wiki/Billion_laughs).
When Qt tries to parse the svg an out of memory situation may occur. I.e. no detection of reference loops exist.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

example.cpp
1 kB
27 Jul '15 14:43
example1.cpp
1 kB
28 Jul '15 13:06
main.cpp
1 kB
21 Feb '19 21:49

is duplicated by

QTBUG-50748 XMLStreamReader vulnerable to XML 'bomb'

Closed

relates to

QTBUG-82153 Exponential use node instantiation in SVG

Closed

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Assignee:: Lars Knoll

Reporter:: user-5e788 (Inactive)

Votes:: 3 Vote for this issue

Watchers:: 17 Start watching this issue

Created:: 24 Jul '15 05:06

Updated:: 16 Apr '20 23:21

Resolved:: 27 Feb '20 08:16

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

Add an expansion limit for entities: Gerrit Review:

Add an expansion limit for entities: Gerrit Review:

Details

Description

Attachments

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews