Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-88253

[REG 5.15 -> 6.0] QCborStreamReader allocates 2 GiB for 8 B file

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 6.0.1, 6.1.0 Alpha
    • 6.0.0 Beta4
    • Core: I/O
    • Ubuntu 20.04 LTS 64 bit
      clang 10.0.0
      Built with qmake
    • 9a55f40937d037d06e00b09465d8dad0554692fc (qt/qtbase/dev) 3caacb2f2bbd3947f79d9351b7c9af4517271875 (qt/qtbase/6.0)

    Description

      1. To visualize the problem without a debugger or memory limits, add the attached patch.
        It just adds a qDebug() to show which value is being passed into QByteArray::resize().
      2. Build Qt with that patch.
      3. Build the attached project on this build of Qt.
      4. Run the resulting program with the attached input.
        You'll see: 
        Allocating 1
Allocating 2147483641

        Allocating 2 GiB of memory doesn't seem appropriate for an 8 byte file.

      This is a regression from Qt 5.15. There, you'll only see:

      Allocating 1

      Attachments

        1. report.pro
          0.1 kB
        2. main.cpp
          0.2 kB
        3. input.cbor
          0.0 kB
        4. cleansed.cbor
          0.0 kB
        5. 0001-Add-debug-output.patch
          0.8 kB

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-88256 [REG 5.15 -> 6.0] QCborValue::fromCbor allocates 2 GiB for 8 B input

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-88253
          # Subject Branch Project Status CR V
          320807,5 QCborStreamReader: avoid allocating result if data is insufficient dev qt/qtbase Status: MERGED +2 0
          321474,2 QCborStreamReader: avoid allocating result if data is insufficient 5.15 qt/qtbase Status: ABANDONED +2 0
          322040,5 QCborStreamReader: move the UTF-8 decoding into readStringChunk dev qt/qtbase Status: MERGED +2 0
          322052,3 QString/QByteArray: add missing Q_CHECK_PTR dev qt/qtbase Status: MERGED +2 0
          325668,2 QString/QByteArray: add missing Q_CHECK_PTR 6.0 qt/qtbase Status: MERGED +2 0
          325673,2 QCborStreamReader: avoid allocating result if data is insufficient 6.0 qt/qtbase Status: MERGED +2 0
          325898,3 QCborStreamReader: move the UTF-8 decoding into readStringChunk 6.0 qt/qtbase Status: MERGED +2 0
          325899,1 QCborStreamReader: move the UTF-8 decoding into readStringChunk 5.15 qt/qtbase Status: ABANDONED 0 0
          326369,2 fuzzing: Add cbor files which ran out of memory dev qt/qtqa Status: MERGED +2 0
          326530,2 fuzzing: Add cbor files which ran out of memory master qt/qtqa Status: MERGED +2 0

          Activity

            People

              thiago Thiago Macieira
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: