Fix OOM crash in QRC scanner

We implicitely created a QByteArray with the file content without
passing the file size. This would result in copying the whole mmapped
file into memory, and potentially much more if there's no terminating
null byte.

Fix this by using QByteArray::fromRawData which we pass the correct file
size and which doesn't copy the data.

Task-number: QBS-1375
Change-Id: I35c4cceba64343550094c29298ff9b3617718dac
Reviewed-by: Christian Kandeler <christian.kandeler@qt.io>

1 files changed, 5 insertions, 3 deletions

diff --git a/src/plugins/scanner/qt/qtscanner.cpp b/src/plugins/scanner/qt/qtscanner.cpp
index 5a790efc1..51faadab3 100644
--- a/src/plugins/scanner/qt/qtscanner.cpp
+++ b/src/plugins/scanner/qt/qtscanner.cpp
@@ -119,7 +119,8 @@ static void *openScannerQrc(const unsigned short *filePath, const char *fileTags
     int r = fstat(opaque->fd, &s);
     if (r != 0)
         return nullptr;
-    opaque->mapl = s.st_size;
+    const int fileSize = static_cast<int>(s.st_size);
+    opaque->mapl = fileSize;
 
     void *map = mmap(0, s.st_size, PROT_READ, MAP_PRIVATE, opaque->fd, 0);
     if (map == nullptr)
@@ -129,13 +130,14 @@ static void *openScannerQrc(const unsigned short *filePath, const char *fileTags
     if (!opaque->file->open(QFile::ReadOnly))
         return nullptr;
 
-    uchar *map = opaque->file->map(0, opaque->file->size());
+    const int fileSize = opaque->file->size();
+    uchar *map = opaque->file->map(0, fileSize);
     if (!map)
         return nullptr;
 #endif
 
     opaque->map = reinterpret_cast<char *>(map);
-    opaque->xml = new QXmlStreamReader(opaque->map);
+    opaque->xml = new QXmlStreamReader(QByteArray::fromRawData(opaque->map, fileSize));
 
     return static_cast<void *>(opaque.release());
 }