author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-04-14 22:13:32 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-04-16 18:22:56 +0000 |
commit | d76b11a0d55f40e964686564bac512e5895147b6 (patch) | |
tree | b649970c4899ed1e7d0a6a6c85c36e0c399872c4 /src/corelib/serialization/qxmlstream.cpp | |
parent | 8406739dd2b6aeeaa9ef0c88f12e354f830b08ca (diff) |
Don't parse XML symbols longer than 4096 characters
It is slow and will use too much memory.
Fixes: QTBUG-91889
Change-Id: I45c5e6038357c87bbb85b1ace17ef39a2a814ea0
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 38e111158a38507c63fd70f9ee18b9116b537976)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/corelib/serialization/qxmlstream.cpp')
-rw-r--r-- | src/corelib/serialization/qxmlstream.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index 9a3e306f42..a38720b370 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -1307,6 +1307,11 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
 int n = 0;
 uint c;
 while ((c = getChar()) != StreamEOF) {
+ if (n >= 4096) {
+ // This is too long to be a sensible name, and
+ // can exhaust memory
+ return 0;
+ }
 switch (c) {
 case '\n':
 case ' ': |
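Review bot: The new `return 0;` at `n >= 4096` leaves fastScanName without telling the caller why it stopped: the character just taken by `getChar()` is not put back, and any value an earlier iteration may have stored in `*prefix` is left in place. The rest of the function is outside this hunk, but if 0 is also what it returns when input simply runs out, an over-long name in untrusted XML is treated as "need more data" rather than as a not-well-formed document, and the caller may go on to use a stale prefix length. I would clear the out-parameter before leaving, `if (prefix) *prefix = 0;`, and have the caller raise an explicit parse error for this case. The limit would also read better as a named constant, e.g. `static constexpr int MaxNameLength = 4096;`, documented on QXmlStreamReader, with a test that feeds a 4097-character name.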