Details
-
Task
-
Resolution: Done
-
P3: Somewhat important
-
None
-
None
-
None
-
-
13
-
Foundation_Sprint 41 (Team 1)
Description
In the process, remove the dead-code QLocaleData::stringToDouble and, deploying this so as to make QByteArray::nulTerminated(), remove that monstrosity, too.
As stringToLongLong() and stringToUnsLongLong() currently don't take their size, callers are obliged to '\0'-terminate their data before calling; this may oblige callers to copy the data if the subject string is not the tail of the actual string of which it is a part.
Furthermore, as these two functions (lacking knowledge of the data's size) necessarily stop at the first '\0' in the data, they may fail to recognise a '\0' internal to the data, along with any characters after it within the intended size, as "trailing junk". thiago says this introduces security concerns.
Attachments
Issue Links
- relates to
-
QTBUG-85580 Often-used function `qt_asciiToDouble` may read past end of buffer
- Closed
-
QTBUG-85581 QByteArray .toDouble() does not call nulTerminated()
- Closed
-
QTBUG-79902 QLocale: make fuller and more faithful use of the CLDR data
- Open
-
QTBUG-66115 Let (QString|QLocale)::toFloat ignore trailing non-digits
- Open