1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't parse XML symbols longer than 4096 characters

Browse Source 
It is slow and will use too much memory.

Fixes: QTBUG-91889
Change-Id: I45c5e6038357c87bbb85b1ace17ef39a2a814ea0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 38e111158a38507c63fd70f9ee18b9116b537976)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Allan Sandfeld Jensen 2021-04-14 22:13:32 +02:00 committed by Qt Cherry-pick Bot
parent 2818d7ce3e
commit 8e76959c57
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/corelib/serialization/qxmlstream.cpp
View File

@ -1298,6 +1298,11 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
int n = 0; int n = 0;
uint c; uint c;
while ((c = getChar()) != StreamEOF) { while ((c = getChar()) != StreamEOF) {
if (n >= 4096) {
// This is too long to be a sensible name, and
// can exhaust memory
return 0;
}
switch (c) { switch (c) {
case '\n': case '\n':
case ' ': case ' ':