QTBUG-88256

[REG 5.15 -> 6.0] QCborValue::fromCbor allocates 2 GiB for 8 B input


    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix Version/s: 6.0.1, 6.1.0 Alpha
    • Affects Version/s: 6.0.0 Beta4
    • Component/s: Core: I/O
    • Environment: Ubuntu 20.04 LTS 64 bit, clang 10.0.0, built with qmake
    • Commits: 638171eb10cfb186a6c47ec052a3b0c5b6449386 (qt/qtbase/dev), c5623e5bb13824ef7d735e8d429278223b2887c1 (qt/qtbase/6.0)

      1. Build the attached project.
      2. Run it on the attached input:
        ./report input.cbor
      3. Watch the value of "newSize" in line 1583 of qcborvalue.cpp:
                data.resize(newSize);

        Use a breakpoint, a qDebug() or whatever you prefer.
        It will try resizing the QByteArray to 2147483639.

      Allocating 2 GiB of memory doesn't seem appropriate for 8 bytes of input.

      This is a regression from Qt 5.15. There, the function returns -1 before resizing:

              if (newSize > MaxByteArraySize)
                  return -1;
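The defect above belongs to a well-known class: a decoder reads a length field from untrusted input and sizes a buffer from it before checking whether the input could possibly contain that much data. The following is an added example, not Qt's code and not the attached report project. It parses the head of a CBOR byte string (major type 2, RFC 8949) and applies two guards before any allocation: the declared length must not exceed the bytes still available in the buffer, and it must not exceed a hard cap. The cap `kMaxAllocation`, the function names, and the sample inputs are all constructed for this example; the 5-byte hostile sample is not the attached input.cbor, it merely declares the same length of 2147483639.

```cpp
// Added example (not Qt's code): validate a CBOR byte-string length before
// allocating for it, mirroring the MaxByteArraySize guard that Qt 5.15 applied.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct HeaderResult {
    bool ok;             // true if the head is well-formed and the length is safe to allocate
    uint64_t length;     // declared payload length (also filled in on rejection, for logging)
    size_t headerBytes;  // bytes consumed by the initial byte plus the length field
    const char* error;   // reason for rejection, nullptr when ok
};

// Hypothetical cap standing in for Qt 5's MaxByteArraySize (2^31 - 9); not a Qt constant.
constexpr uint64_t kMaxAllocation = 2147483639ULL;

// Parse the initial byte and optional 1/2/4/8-byte length of a CBOR byte string.
HeaderResult parseByteStringHead(const std::vector<uint8_t>& in) {
    if (in.empty()) return {false, 0, 0, "empty input"};
    const uint8_t initial = in[0];
    if ((initial >> 5) != 2) return {false, 0, 0, "not a byte string (major type != 2)"};
    const uint8_t ai = initial & 0x1f;  // "additional information" bits
    uint64_t len = 0;
    size_t width = 0;                   // size of the explicit length field, if any
    if (ai < 24)       len = ai;        // length stored inline
    else if (ai == 24) width = 1;
    else if (ai == 25) width = 2;
    else if (ai == 26) width = 4;
    else if (ai == 27) width = 8;
    else if (ai == 31) return {false, 0, 0, "indefinite length not handled in this example"};
    else               return {false, 0, 0, "reserved additional information value"};
    if (in.size() < 1 + width) return {false, 0, 0, "truncated length field"};
    for (size_t i = 0; i < width; ++i) len = (len << 8) | in[1 + i];
    const size_t header = 1 + width;
    // Guard 1: a bounded buffer cannot hold more payload than remains after the head.
    if (len > in.size() - header) return {false, len, header, "declared length exceeds available input"};
    // Guard 2: hard cap, the check that matters for streaming input of unknown total size.
    if (len > kMaxAllocation) return {false, len, header, "declared length exceeds allocation cap"};
    return {true, len, header, nullptr};
}

// Copy out the payload only after the head has passed both guards; empty on rejection.
std::vector<uint8_t> readByteString(const std::vector<uint8_t>& in) {
    const HeaderResult h = parseByteStringHead(in);
    if (!h.ok) return {};
    return std::vector<uint8_t>(in.begin() + h.headerBytes,
                                in.begin() + h.headerBytes + static_cast<size_t>(h.length));
}

int main() {
    // Constructed samples: a 3-byte string "abc", and a head declaring 2147483639 bytes.
    const std::vector<uint8_t> valid{0x43, 0x61, 0x62, 0x63};
    const std::vector<uint8_t> hostile{0x5a, 0x7f, 0xff, 0xff, 0xf7};
    for (const auto* sample : {&valid, &hostile}) {
        const HeaderResult h = parseByteStringHead(*sample);
        std::printf("declared length %llu: %s\n",
                    static_cast<unsigned long long>(h.length), h.ok ? "accepted" : h.error);
    }
    return 0;
}
```

The order of the guards is deliberate: for an in-memory buffer the "available input" check rejects the hostile sample before the cap is even consulted, while the cap is what protects a decoder that consumes a stream and cannot know the total size up front. Either way the buffer is sized only from a length that has already been proven plausible.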
      

        Attachments:
        1. input.cbor (0.0 kB, Robert Löhning)
        2. main.cpp (0.2 kB, Robert Löhning)
        3. report.pro (0.1 kB, Robert Löhning)
        4. cleansed.cbor (0.0 kB, Robert Löhning)

            Assignee: Thiago Macieira (thiago)
            Reporter: Robert Löhning (rlohning)
            Votes: 0
            Watchers: 4
