Don't parse XML symbols longer than 4096 characters

It is slow and will use too much memory. Pick-to: 6.1 6.1.0 6.0 5.15 Fixes: QTBUG-91889 Change-Id: I45c5e6038357c87bbb85b1ace17ef39a2a814ea0 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2021-04-14 22:13:32 +02:00 · 2021-04-14 22:13:32 +02:00 · 38e111158a
commit 38e111158a
parent 930e59b798
1 changed files with 5 additions and 0 deletions
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@ -1297,6 +1297,11 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
    int n = 0;
    uint c;
    while ((c = getChar()) != StreamEOF) {
+        if (n >= 4096) {
+            // This is too long to be a sensible name, and
+            // can exhaust memory
+            return 0;
+        }
        switch (c) {
        case '\n':
        case ' ':