Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72937

heap-buffer-overflow when passing invalid input to QTextDocument::setMarkdown

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: P1: Critical P1: Critical
    • None
    • Some future release
    • GUI: Text handling
    • Ubuntu 18.04 LTS 64 bit
      gcc 7.3.0
      clang 6.0

      1. Build the attached demo project on a Qt version built with "-sanitize address": 
        #include <QFile>
#include <QTextDocument>

int main(int argc, char *argv[])
{
    QFile f(argv[1]);
    f.open(QFile::ReadOnly);
    QTextDocument().setMarkdown(f.readAll());
    return 0;
}

        Of course, this requires https://codereview.qt-project.org/214843/.

      2. Run it passing the filename of the attached malformed file as first parameter.
        The program crashes and writes command line output about the overflow.

        1. markdown.zip
          0.6 kB
          Robert Löhning
        2. QTBUG-72937.md
          0.0 kB
          Robert Löhning
        3. overflow.out
          6 kB
          Robert Löhning
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            srutledg Shawn Rutledge
            rlohning Robert Löhning
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes