Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.15.0, 6.2
-
Ubuntu 20.04 LTS
clang 10.0.0
g++ 9.3.0
-
0c9fc20e7ff7b4ff0f15e0b2c071ea834625dce9 (qt/qtbase/dev) 51812618e7f0486ad029f3c17bfe7baec8800d06 (qt/qtbase/6.1) cc3cb77f62ddbd4667c7ad51e9c5c8718dd53b1b (qt/qtbase/6.0)
Description
- Build the attached project:
Normal release build, no sanitizers needed. - Run it passing in one of the attached text files
It will consume a lot of memory (>2GB) and take a while until it returns (ca. 40s). With sanitizers, the program easily runs out of memory.
Google found these as oss-fuzz issues 32720 and 32722. They will publish the details in 90 days, the latest.
Attachments
| For Gerrit Dashboard: QTBUG-92275 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 341577,4 | Fuzzing: Simplify figuring out the failing datetime format | dev | qt/qtbase | Status: MERGED | +2 | 0 |
| 342010,4 | Avoid attempting to parse insanely long texts as zone names | dev | qt/qtbase | Status: MERGED | +2 | 0 |
| 342199,2 | Avoid attempting to parse insanely long texts as zone names | 6.1 | qt/qtbase | Status: MERGED | +2 | 0 |
| 342200,2 | Avoid attempting to parse insanely long texts as zone names | 6.0 | qt/qtbase | Status: MERGED | +2 | 0 |
| 342201,2 | Avoid attempting to parse insanely long texts as zone names | tqtc/lts-5.15 | qt/tqtc-qtbase | Status: MERGED | +2 | 0 |