Details
-
Suggestion
-
Resolution: Done
-
P4: Low
-
5.9.4, 5.10.1
-
None
-
892d5607d0b1c9e010ea10a1123e68741c46c21e (qt/qtbase/dev)
Description
I have noticed that plugin metadata is extracted from 'dll' libraries by looking for "QTMETADATA " magic string.
http://code.qt.io/cgit/qt/qtbase.git/tree/src/corelib/plugin/qlibrary.cpp#n277
It does so by reading 'dll' file in the reverse, so if metadata itself contains a string "QTMETADATA ", it will crash the applicatoin. I'm kinda worried that someone may actually use the string such as "QTMETADATA" in his metadata or other resource. At least for me uniqueness of "QTMETADATA " string is debatable . It may be unlikely, but I would mention this in documentation.
I think a proper PE/COFF parser along with ELF parser would be beneficial.
I think it would be worth considering if there shouldn't be something like QBinaryParser in Qt itself. Many Qt components could utilize it (QtCreator, QPLuginLoader, windeployqt tool, possibly rcc and others). Qt is a binary-based toolkit, so binary parser seems to be natural necessity. What do you think?
Attachments
For Gerrit Dashboard: QTBUG-67461 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
373821,4 | QPlugin: change the generic metadata scan to forwards | dev | qt/qtbase | Status: MERGED | +2 | 0 |
381447,9 | QPluginLoader: add COFF PE file parser | dev | qt/qtbase | Status: MERGED | +2 | 0 |