From 5dc6209478e070b885acc317dccf5c561ad61ecb Mon Sep 17 00:00:00 2001
From: Joerg Bornemann
Date: Wed, 1 Aug 2018 12:17:09 +0200
Subject: Fix OOM crash in QRC scanner

We implicitely created a QByteArray with the file content without passing the file size. This would result in copying the whole mmapped file into memory, and potentially much more if there's no terminating null byte. Fix this by using QByteArray::fromRawData which we pass the correct file size and which doesn't copy the data.
Task-number: QBS-1375
Change-Id: I35c4cceba64343550094c29298ff9b3617718dac
Reviewed-by: Christian Kandeler
---
 src/plugins/scanner/qt/qtscanner.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'src/plugins')
diff --git a/src/plugins/scanner/qt/qtscanner.cpp b/src/plugins/scanner/qt/qtscanner.cpp
index 5a790efc1..51faadab3 100644
--- a/src/plugins/scanner/qt/qtscanner.cpp
+++ b/src/plugins/scanner/qt/qtscanner.cpp
@@ -119,7 +119,8 @@ static void *openScannerQrc(const unsigned short *filePath, const char *fileTags
 int r = fstat(opaque->fd, &s);
 if (r != 0)
 return nullptr;
- opaque->mapl = s.st_size;
+ const int fileSize = static_cast(s.st_size);
+ opaque->mapl = fileSize;
 void *map = mmap(0, s.st_size, PROT_READ, MAP_PRIVATE, opaque->fd, 0);
 if (map == nullptr)
@@ -129,13 +130,14 @@ static void *openScannerQrc(const unsigned short *filePath, const char *fileTags
 if (!opaque->file->open(QFile::ReadOnly))
 return nullptr;
- uchar *map = opaque->file->map(0, opaque->file->size());
+ const int fileSize = opaque->file->size();
+ uchar *map = opaque->file->map(0, fileSize);
 if (!map)
 return nullptr;
 #endif
 opaque->map = reinterpret_cast(map);
- opaque->xml = new QXmlStreamReader(opaque->map);
+ opaque->xml = new QXmlStreamReader(QByteArray::fromRawData(opaque->map, fileSize));
 return static_cast(opaque.release());
 }
--
cgit v1.2.3
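Review bot: The narrowing to `int` in `const int fileSize = static_cast(s.st_size);` (the cast's type argument is missing from the page text) is unchecked, so for a file larger than INT_MAX the length stored in `opaque->mapl` and later handed to `QByteArray::fromRawData` no longer matches the `s.st_size` bytes that `mmap` maps. Reject such files before the cast, e.g. `if (s.st_size < 0 || s.st_size > std::numeric_limits<int>::max()) return nullptr;`. The second hunk has the same narrowing, done implicitly, in `const int fileSize = opaque->file->size();` (presumably QFile::size(), which returns a 64-bit value). The context line `if (map == nullptr)` also does not match mmap's failure value `MAP_FAILED`, so a failed mapping, for instance of an empty file, is not caught by this check and would reach the reader; `if (map == MAP_FAILED)` is the comparison to use. openScannerQrc starts before this hunk and continues past it.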
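Review bot: The new `QByteArray::fromRawData(opaque->map, fileSize)` call ties the XML reader to the lifetime of the file mapping, and nothing at the call site records that. fromRawData does not copy, so the mapped region has to stay valid and unmodified until `opaque->xml` is destroyed. The teardown routine is outside this hunk, so whether it deletes the reader before unmapping cannot be confirmed from here. I would add above the line: `// fromRawData() does not copy: keep the mapping alive until opaque->xml is deleted.` The function begins before this hunk.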