Overview

File 0001-Dont-parse-XML-symbols-longer-than-4096-characters.patch of Package libqt5-qtbase.31663

From d76b11a0d55f40e964686564bac512e5895147b6 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Wed, 14 Apr 2021 22:13:32 +0200
Subject: Don't parse XML symbols longer than 4096 characters

It is slow and will use too much memory.

Fixes: QTBUG-91889
Change-Id: I45c5e6038357c87bbb85b1ace17ef39a2a814ea0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 38e111158a38507c63fd70f9ee18b9116b537976)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/corelib/serialization/qxmlstream.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/corelib/serialization/qxmlstream.cpp')

diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index 9a3e306f42..a38720b370 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -1307,6 +1307,11 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
     int n = 0;
     uint c;
     while ((c = getChar()) != StreamEOF) {
+        if (n >= 4096) {
+            // This is too long to be a sensible name, and
+            // can exhaust memory
+            return 0;
+        }
         switch (c) {
         case '\n':
         case ' ':
-- 
cgit v1.2.3
openSUSE Build Service is sponsored by
Places