Preallocate buffer for QLineEdit when used for password input

While the user is entering the password, the string variable that
stores the value might have to reallocate its content from time
to time (when the string needs to grow beyond its current capacity).

When the reallocation happens, the old buffer is freed, but its
data is not zeroed-out. This means that a QLineEdit that serves as
a password input field might leak chunks of the password during
its lifetime, and the leaks will persist after its destruction.

Since the QLineEdit can not control the behavior of the QString
it uses to store the entered value, the only thing it can do is try
to make the reallocations rare.

This patch reserves the space for 30 characters for the string which
stores the QLineEdit value when said QLineEdit is used for password
input. This is enough to make sure no reallocation happens in
majority of cases as barely anyone uses passwords longer than 30
characters.

[ChangeLog][QtWidgets][QWidgetLineControl/security] Preallocate a buffer
for the string that contains the entered value when the QLineEdit serves
as a password input field to minimize reallocations.

Change-Id: I3e695db93e34c93335c3bf9dbcbac832fc18b62d
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>

1 files changed, 7 insertions, 0 deletions

diff --git a/src/widgets/widgets/qwidgetlinecontrol_p.h b/src/widgets/widgets/qwidgetlinecontrol_p.h
index b730b415f0..f4df95865d 100644
--- a/src/widgets/widgets/qwidgetlinecontrol_p.h
+++ b/src/widgets/widgets/qwidgetlinecontrol_p.h
@@ -280,6 +280,13 @@ public:
         cancelPasswordEchoTimer();
         m_echoMode = mode;
         m_passwordEchoEditing = false;
+
+        // If this control is used for password input, we want to minimize
+        // the possibility of string reallocation not to leak (parts of)
+        // the password.
+        if (m_echoMode != QLineEdit::Normal)
+            m_text.reserve(30);
+
         updateDisplayText();
     }