Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-88253

[REG 5.15 -> 6.0] QCborStreamReader allocates 2 GiB for 8 B file

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: P1: Critical P1: Critical
    • 6.0.1, 6.1.0 Alpha
    • 6.0.0 Beta4
    • Core: I/O
    • Ubuntu 20.04 LTS 64 bit
      clang 10.0.0
      Built with qmake
    • 9a55f40937d037d06e00b09465d8dad0554692fc (qt/qtbase/dev) 3caacb2f2bbd3947f79d9351b7c9af4517271875 (qt/qtbase/6.0)

      1. To visualize the problem without a debugger or memory limits, add the attached patch.
        It just adds a qDebug() to show which value is being passed into QByteArray::resize().
      2. Build Qt with that patch.
      3. Build the attached project on this build of Qt.
      4. Run the resulting program with the attached input.
        You'll see: 
        Allocating 1
Allocating 2147483641

        Allocating 2 GiB of memory doesn't seem appropriate for an 8 byte file.

      This is a regression from Qt 5.15. There, you'll only see:

      Allocating 1

        1. 0001-Add-debug-output.patch
          0.8 kB
          Robert Löhning
        2. input.cbor
          0.0 kB
          Robert Löhning
        3. main.cpp
          0.2 kB
          Robert Löhning
        4. report.pro
          0.1 kB
          Robert Löhning
        5. cleansed.cbor
          0.0 kB
          Robert Löhning
        For Gerrit Dashboard: QTBUG-88253
        # Subject Branch Project Status CR V
        320807,5 QCborStreamReader: avoid allocating result if data is insufficient dev qt/qtbase Status: MERGED +2 0
        321474,2 QCborStreamReader: avoid allocating result if data is insufficient 5.15 qt/qtbase Status: ABANDONED +2 0
        322040,5 QCborStreamReader: move the UTF-8 decoding into readStringChunk dev qt/qtbase Status: MERGED +2 0
        322052,3 QString/QByteArray: add missing Q_CHECK_PTR dev qt/qtbase Status: MERGED +2 0
        325668,2 QString/QByteArray: add missing Q_CHECK_PTR 6.0 qt/qtbase Status: MERGED +2 0
        325673,2 QCborStreamReader: avoid allocating result if data is insufficient 6.0 qt/qtbase Status: MERGED +2 0
        325898,3 QCborStreamReader: move the UTF-8 decoding into readStringChunk 6.0 qt/qtbase Status: MERGED +2 0
        325899,1 QCborStreamReader: move the UTF-8 decoding into readStringChunk 5.15 qt/qtbase Status: ABANDONED 0 0
        326369,2 fuzzing: Add cbor files which ran out of memory dev qt/qtqa Status: MERGED +2 0
        326530,2 fuzzing: Add cbor files which ran out of memory master qt/qtqa Status: MERGED +2 0

            thiago Thiago Macieira
            rlohning Robert Löhning
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: