Details
-
Task
-
Resolution: Done
-
P3: Somewhat important
-
None
-
None
-
None
-
All
-
13
-
Foundation_Sprint 41 (Team 1)
Description
In the process, remove the dead-code QLocaleData::stringToDouble and, deploying this so as to make QByteArray::nulTerminated(), remove that monstrosity, too.
As stringToLongLong() and stringToUnsLongLong() currently don't take their size, callers are obliged to '\0'-terminate their data before calling; this may oblige callers to copy the data if the subject string is not the tail of the actual string of which it is a part.
Furthermore, as these two functions (lacking knowledge of the data's size) necessarily stop at the first '\0' in the data, they may fail to recognise a '\0' internal to the data, along with any characters after it within the intended size, as "trailing junk". thiago says this introduces security concerns.
Attachments
Issue Links
- relates to
-
QTBUG-85580 Often-used function `qt_asciiToDouble` may read past end of buffer
-
- Closed
-
-
-
- Closed
-
-
QTBUG-79902
QLocale: make fuller and more faithful use of the CLDR data
-
- Open
-
-
QTBUG-66115 Let (QString|QLocale)::toFloat ignore trailing non-digits
-
- Open
-
| For Gerrit Dashboard: QTBUG-74286 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 363876,11 | Limit integral parsing by the size of the data | dev | qt/qtbase | Status: ABANDONED | +1 | 0 |
| 364026,18 | Get rid of QByteArray::nulTerminated() | dev | qt/qtbase | Status: MERGED | +2 | 0 |
| 367368,3 | Replace FreeBSD's strtou?ll() with std::from_chars()-based strntou?ll() | dev | qt/qtbase | Status: MERGED | +2 | 0 |
| 367370,3 | Rework QLocalePrivate::bytearrayToU?LongLong() | dev | qt/qtbase | Status: MERGED | +2 | 0 |
