  1. Qt
  2. QTBUG-72937

heap-buffer-overflow when passing invalid input to QTextDocument::setMarkdown

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: Some future release
    • Fix Version/s: None
    • Component/s: GUI: Text handling
    • Environment:
      Ubuntu 18.04 LTS 64 bit
      gcc 7.3.0
      clang 6.0

      Description

      1. Build the attached demo project on a Qt version built with "-sanitize address":
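        #include <QFile>
        #include <QTextDocument>

        int main(int argc, char *argv[])
        {
            // Expect the path of the markdown file as the only argument.
            if (argc < 2)
                return 1;
            QFile f(argv[1]);
            if (!f.open(QFile::ReadOnly))
                return 1;
            // Feed the raw file contents to the markdown importer under test.
            QTextDocument().setMarkdown(f.readAll());
            return 0;
        }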
        

        Of course, this requires https://codereview.qt-project.org/214843/.

      2. Run it passing the filename of the attached malformed file as the first parameter.
        The program crashes and writes command line output about the overflow.

        Attachments

        1. markdown.zip
          0.6 kB
          Robert Löhning
        2. overflow.out
          6 kB
          Robert Löhning
        3. QTBUG-72937.md
          0.0 kB
          Robert Löhning

              People

              Assignee:
              srutledg Shawn Rutledge
              Reporter:
              rlohning Robert Löhning