-
Bug
-
Resolution: Done
-
P2: Important
-
5.15
-
204b6c99089bcf7893be326e7d0076402b7abf0c (qt/qtbase/dev) db0893a7e302fac1808a67541ef190293661348d (qt/qtbase/5.15), 66081c52b (dev), 5deee1e5a (6.9), 1c453be01 (6.8), 040839c10 (tqtc/lts-6.5), 12cec9769 (tqtc/lts-5.15)
In qcssparser.cpp:1701
features |= static_cast<int>(findKnownValue(d->values.value(i).variant.toString(), styleFeatures, NumKnownStyleFeatures));
styleFeatures is an array of length 3, and NumKnownStyleFeatures is 4. Inside findKnownValue() the array is accessed at index 3, which is an out-of-bounds access.
See screenshot for visualisation of the issue.
- mentioned in
-
Page Loading...