diff options
author | Thiago Macieira <thiago.macieira@intel.com> | 2020-03-07 07:38:51 -0800 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2020-03-25 16:21:47 -0300 |
commit | 02d595946faa7a21f6aa4109227f7e90db20ae7a (patch) | |
tree | 48a281e33a5f72c50998d87f315264e6bddc3f36 /src/corelib/serialization/qtextstream.cpp | |
parent | b7da66132bdd196c4f0b0e0fdf53f9e3b9a8bdaf (diff) |
QCborValue::fromCbor: Apply a recursion limit to decoding
A simple 16k file can produce deep enough recursion in Qt to cause stack
overflow. So prevent that.
I tested 4096 recursions just fine on my Linux system (8 MB stack), but
decided 1024 was sufficient, as this code will also be run on embedded
systems that could have smaller stacks.
[ChangeLog][QtCore][QCborValue] fromCbor() now limits decoding to at
most 1024 nested maps, arrays, and tags to prevent stack overflows. This
should be sufficient for most uses of CBOR. An API to limit further or
to relax the limit will be provided in 5.15. Meanwhile, if decoding more
is required, QCborStreamReader can be used (note that each level of map
and array allocates memory).
Change-Id: Iaa63461109844e978376fffd15fa0fbefbf607a2
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/corelib/serialization/qtextstream.cpp')
0 files changed, 0 insertions, 0 deletions