Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P2: Important
Fix Version/s: 5.15.15, 6.2.10, 6.5.3, 6.6.0 Beta2, 6.7.0 FF
Affects Version/s: 6.0.4, 6.1.2, 6.3.0
Component/s: XML: Stream Reader/Writer
Labels:
- found_by_oss-fuzz
Environment:
Ubuntu 20.04 LTS
g++ 9.3.0
clang 10.0.0

Commits:
c4301be7d (dev), b35f5a187 (6.6), 9b7374791 (tqtc/lts-5.15), f67a497db (dev), b47657093 (dev), b5d66b52d (6.6), c216c3d98 (6.5), 7f7287ab5 (tqtc/lts-6.2), 26940b125 (tqtc/lts-6.2), 4f89eb5a7 (6.6), 21f30acde (tqtc/lts-5.15), 3c2cc469b (6.5)

Description

Build the attached project.
To visualize the issue, restrict the available memory:
```
ulimit -Sv 3200000
```
That's about 3GB.

Run the resulting program and pass one of the attached xml files:

./report 30924.xml

You will see output like:

terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Aborted (core dumped)

On Qt 5.15, the program still finishes successfully with

ulimit -Sv 2300000

which is 28% less memory.

Bisecting qtbase resulted in:

There are only 'skip'ped commits left to test.
The first bad commit could be any of:
3398eeadf617880af38fb540f26273df87ba0b1f
8dc7761e6d490877af18949c0177097e5c857424
ecfb5d2d15e586c40ca2e8b097fb77821be8c884

Google's oss-fuzz found these as issues 29302 and 30924.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

29302.xml
619 kB
14 Jul '21 20:24
30924.xml
657 kB
14 Jul '21 20:24
main.cpp
0.2 kB
14 Jul '21 20:24
report.pro
0.0 kB
14 Jul '21 20:24

Issue Links

covers

QTBUG-85138 QXmlStreamReader slow on certain input

Closed

duplicates

QTBUG-92113 QXmlStreamReader freezes

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-95188
#	Subject	Branch	Project	Status	CR	V
488691,16	Improve XML stream errorString	dev	qt/qtbase	Status: ABANDONED	0	0
488960,37	QXmlStreamReader: Raise error on unexpected tokens	dev	qt/qtbase	Status: MERGED	+2	0
490549,2	QXmlStreamReader: Raise error on unexpected tokens	6.6	qt/qtbase	Status: MERGED	+2	0
490550,3	QXmlStreamReader: Raise error on unexpected tokens	6.5	qt/qtbase	Status: MERGED	+2	0
490553,7	QXmlStreamReader: Raise error on unexpected tokens	tqtc/lts-6.2	qt/tqtc-qtbase	Status: MERGED	+2	0
490554,15	QXmlStreamReader: Raise error on unexpected tokens	tqtc/lts-5.15	qt/tqtc-qtbase	Status: MERGED	+2	0
490636,2	tst_QXmlStream::tokenErrorHandling() - register test directory in CMake	dev	qt/qtbase	Status: MERGED	+2	0
490637,3	QXmlStreamReader: Fix variable naming	dev	qt/qtbase	Status: MERGED	+2	0
490737,5	QXmlStreamReader: Fix variable naming	6.5	qt/qtbase	Status: MERGED	+2	0
490738,2	QXmlStreamReader: Fix variable naming	6.6	qt/qtbase	Status: MERGED	+2	0
490739,2	tst_QXmlStream::tokenErrorHandling() - register test directory in CMake	6.6	qt/qtbase	Status: MERGED	+2	0
490740,7	tst_QXmlStream::tokenErrorHandling() - register test directory in CMake	6.5	qt/qtbase	Status: MERGED	+2	0
490763,6	tst_QXmlStream::tokenErrorHandling() - register test directory in CMake	tqtc/lts-5.15	qt/tqtc-qtbase	Status: MERGED	+2	0
490764,6	tst_QXmlStream::tokenErrorHandling() - register test directory in CMake	tqtc/lts-6.2	qt/tqtc-qtbase	Status: MERGED	+2	0
492442,3	QXmlStreamReader: Fix translation context of error messages	dev	qt/qtbase	Status: MERGED	+2	0
492471,2	QXmlStreamReader: Fix translation context of error messages	6.5	qt/qtbase	Status: MERGED	+2	0
492472,2	QXmlStreamReader: Fix translation context of error messages	6.6	qt/qtbase	Status: MERGED	+2	0