diff options
authorIvan Čukić <>2018-10-08 21:12:26 +0200
committerLuca Beldi <>2018-12-03 10:05:33 +0000
commit5dde7bd92211c4049b75738b17532f6d6a66b37c (patch)
parent79e4fe54bfc1f36df6137cce84015dbb0a52639a (diff)
Erase password data on QLineEdit destruction
The contents of a deleted QString can still remain in memory and can be accessible by tools that read the raw process memory. This means that a QLineEdit that serves as a password input field can leak the password after it is destroyed. With this patch, the contents of the m_text string member variable will be zeroed-out before the m_text is destructed. This is done only in the cases when the QLineEdit serves as a password field. [ChangeLog][QtWidgets][QWidgetLineControl/security] Zero-out the string that contains a password entered into the QLineEdit Change-Id: I8f88f952244bf8a0399c14acf0869439ca0a60ca Reviewed-by: Luca Beldi <> Reviewed-by: Eskil Abrahamsen Blomfeldt <>
1 files changed, 6 insertions, 0 deletions
diff --git a/src/widgets/widgets/qwidgetlinecontrol_p.h b/src/widgets/widgets/qwidgetlinecontrol_p.h
index 3e33bc0605..b730b415f0 100644
--- a/src/widgets/widgets/qwidgetlinecontrol_p.h
+++ b/src/widgets/widgets/qwidgetlinecontrol_p.h
@@ -110,6 +110,12 @@ public:
+ // If this control is used for password input, we don't want the
+ // password data to stay in the process memory, therefore we need
+ // to zero it out
+ if (m_echoMode != QLineEdit::Normal)
+ m_text.fill('\0');
delete [] m_maskData;