| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Recursively defined entities can easily exhaust all available
memory. Limit entity expansion to a default of 4096 characters to
avoid DoS attacks when a user loads untrusted content.
Added a setter and getter to allow modifying the expansion limit.
[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now by default
limit the expansion of entities to 4096 characters. Documents where
a single entity expands to more characters than the limit are not
considered well formed. The limit is there to avoid DoS attacks through
recursively expanding entities when loading untrusted content. The
limit can be changed through the QXmlStreamReader::setEntityExpansionLimit()
method.
Fixes: QTBUG-47417
Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
| |
On some inputs a QXmlStreamReaderPrivate may allocate another
QXmlStreamReaderPrivate as its entityResolver. Which, recursively,
may allocate yet another one.
This "chain" of QXmlStreamReaderPrivate objects was managed using
raw pointers, and a leak was possible by resetting one of
these pointers to nullptr without freeing the corresponding object.
Change-Id: I2c6e1f023a2ed68b2b1857db25c53cce7f6bd3e7
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
| |
Diff generated by running clang-tidy's modernize-use-nullptr checker on
the CMake-based Qt version.
Skipping src/3rdparty, examples/, tests/
Change-Id: Ib182074e2e2fd52f63093f73b3e2e4c0cb7af188
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
| |
Also clean up QTextCodec usage in qmake build and some includes
of qtextcodec.h.
Change-Id: I0475b82690024054add4e85a8724c8ea3adcf62a
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
| |
The value of 'tos' at the check might already be on the last element,
so triggering stack expansion on the second last element is too late.
Change-Id: Ib3ab2662d4d27a71effe9e988b9e172923af2908
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
| |
This change amends 305dd1b61f657474d751cc3b24f58249ec21b61b, which lost
40334303 and brought src/corelib/xml/qxmlstream_p.h back. In
a6b697ca13945a174cff9f3e9b1af1cf61c0bea5, it was moved to
src/corelib/serialization/qxmlstream_p.h in 5.11.
Change-Id: Ia1e9841b866ff49f7274b1b13fd224c0a20a017e
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
|
This is in preparation to adding CBOR support. We don't need yet another
dir for CBOR and placing it in src/corelib/json is just wrong.
Change-Id: I9741f017961b410c910dfffd14ffb9d870340fa6
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>