Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72937

heap-buffer-overflow when passing invalid input to QTextDocument::setMarkdown

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: Some future release
    • Fix Version/s: None
    • Component/s: GUI: Text handling
    • Environment:
      Ubuntu 18.04 LTS 64 bit
      gcc 7.3.0
      clang 6.0

      Description

      1. Build the attached demo project on a Qt version built with "-sanitize address":
        #include <QFile>
        #include <QTextDocument>
        
        int main(int argc, char *argv[])
        {
            QFile f(argv[1]);
            f.open(QFile::ReadOnly);
            QTextDocument().setMarkdown(f.readAll());
            return 0;
        }
        

        Of course, this requires https://codereview.qt-project.org/214843/.

      2. Run it passing the filename of the attached malformed file as first parameter.
        The program crashes and writes command line output about the overflow.

        Attachments

        1. markdown.zip
          0.6 kB
        2. overflow.out
          6 kB
        3. QTBUG-72937.md
          0.0 kB

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              • Assignee:
                srutledg Shawn Rutledge
                Reporter:
                rlohning Robert Löhning
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes