Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72937

heap-buffer-overflow when passing invalid input to QTextDocument::setMarkdown

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: Some future release
    • Fix Version/s: None
    • Component/s: GUI: Text handling
    • Environment:
      Ubuntu 18.04 LTS 64 bit
      gcc 7.3.0
      clang 6.0

      Description

      1. Build the attached demo project on a Qt version built with "-sanitize address":
        #include <QFile>
        #include <QTextDocument>
        
        int main(int argc, char *argv[])
        {
            QFile f(argv[1]);
            f.open(QFile::ReadOnly);
            QTextDocument().setMarkdown(f.readAll());
            return 0;
        }
        

        Of course, this requires https://codereview.qt-project.org/214843/.

      2. Run it passing the filename of the attached malformed file as first parameter.
        The program crashes and writes command line output about the overflow.

        Attachments

        1. QTBUG-72937.md
          0.0 kB
        2. overflow.out
          6 kB
        3. markdown.zip
          0.6 kB

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              srutledg Shawn Rutledge
              Reporter:
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes