Details
- Type: Bug
- Resolution: Done
- Priority: P1: Critical
- Versions: 5.12.1, 5.13.0 Alpha 1, 5.14
- Environment: Manjaro Linux, clang 7.0.1, gcc 8.2.1
- Commit: b959074afb43d25c1a8818e0528004f8cf073ae2 (qt/qtdeclarative/5.12)
Description
- Have a simple program running QJSEngine::evaluate (evaluate-cli.zip).

```cpp
#include <QCoreApplication>
#include <QFile>
#include <QJSEngine>

int main(int argc, char *argv[])
{
    QCoreApplication a(argc, argv);
    if (argc < 2)
        return -1;

    // Read the whole script from the file named on the command line.
    QFile inFile(argv[1]);
    if (!inFile.open(QFile::ReadOnly))
        return -1;

    // Hand the script to a fresh engine; the QByteArray converts
    // implicitly to the QString that evaluate() takes.
    QJSEngine().evaluate(inFile.readAll());
    return 0;
}
```

- Build it on Qt 5.12.1.
- Run the program passing the attached input file as parameter: `.5.toString(5)`

The program runs out of memory and crashes.
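Why this particular input is a good fuzzing find: 0.5 has no finite representation in radix 5 (0.5 * 5 = 2.5, digit 2, remainder 0.5, forever, i.e. 0.2222...), so a digit loop that only stops when the remaining fraction reaches zero never stops and the result string grows until allocation fails. The example below is added here as an illustration and is not code from the report or from qtdeclarative; it shows that unbounded loop (with a cap so it can be called safely) beside a conversion that bounds the fractional digits by the precision the double actually carries. The termination rule (stop once the remainder is below half an ULP of the input, scaled along with it) is the editor's choice for illustration, not necessarily the rule the linked Gerrit change adopted.

```cpp
#include <cmath>
#include <cstddef>
#include <iostream>
#include <limits>
#include <string>

namespace {
const char kDigits[] = "0123456789abcdefghijklmnopqrstuvwxyz";
}

// The failure mode: emit fractional digits until the remainder is exactly
// zero. For 0.5 in radix 5 the remainder is 0.5 after every step, so the
// loop never ends and the output grows without bound. The cap exists only
// so this function can be called safely; it returns false when the cap is hit.
bool naiveFractionTerminates(double fraction, int radix, std::size_t maxDigits)
{
    std::string digits;
    while (fraction != 0.0) {
        if (digits.size() >= maxDigits)
            return false;               // would keep growing: the OOM path
        fraction *= radix;
        int digit = static_cast<int>(fraction);
        digits.push_back(kDigits[digit]);
        fraction -= digit;
    }
    return true;
}

// Bounded conversion. Integer digits are exact; fractional digits stop once
// the remaining fraction is smaller than half the ULP of the original value,
// scaled by radix alongside it, because anything beyond that is noise the
// double never carried. delta grows by a factor of radix per digit, so the
// loop ends after at most roughly 1100 / log2(radix) digits.
std::string doubleToRadixString(double value, int radix)
{
    if (radix < 2 || radix > 36) return std::string();
    if (std::isnan(value)) return "NaN";
    if (std::isinf(value)) return value < 0 ? "-Infinity" : "Infinity";
    if (value == 0.0) return "0";

    const bool negative = value < 0;
    if (negative) value = -value;

    double integer = std::floor(value);
    double fraction = value - integer;

    double delta = 0.5 * (std::nextafter(value, std::numeric_limits<double>::infinity()) - value);
    if (delta == 0.0)                   // subnormal input: half an ULP rounds to 0,
        delta = std::numeric_limits<double>::denorm_min(); // which would loop forever

    std::string out;
    if (integer == 0.0) out = "0";
    while (integer > 0.0) {
        double rem = std::fmod(integer, radix);
        out.insert(out.begin(), kDigits[static_cast<int>(rem)]);
        integer = (integer - rem) / radix;
    }

    if (fraction >= delta) {
        out.push_back('.');
        while (fraction >= delta) {
            fraction *= radix;
            delta *= radix;
            int digit = static_cast<int>(fraction);
            if (digit >= radix) digit = radix - 1; // fraction*radix rounded up to radix
            out.push_back(kDigits[digit]);
            fraction -= digit;
        }
    }
    return negative ? "-" + out : out;
}

int main()
{
    std::cout << doubleToRadixString(0.5, 5) << '\n';     // the QTBUG-73999 input
    std::cout << doubleToRadixString(-10.25, 2) << '\n';
    std::cout << (naiveFractionTerminates(0.5, 5, 100000) ? "terminates" : "hits cap") << '\n';
    return 0;
}
```

The naive loop hits its cap on `.5` in radix 5, while the bounded version emits a few dozen 2s and stops; the libfuzzer harness from the first Gerrit change is the right place to keep inputs like this so the bound is exercised on every build.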
Attachments
For Gerrit Dashboard: QTBUG-73999

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 245301,10 | Add libfuzzer test for QJSEngine::evaluate() | dev | qt/qtdeclarative | MERGED | +2 | 0 |
| 254131,3 | fuzzing: Add file which causes QJSEngine::evaluate to go oom | master | qt/qtqa | MERGED | +2 | 0 |
| 254180,2 | Unify and fix number to string conversion with radix | 5.12 | qt/qtdeclarative | MERGED | +2 | 0 |