Details
- Bug
- Resolution: Won't Do
- P1: Critical
- 5.15.2
- Ubuntu 20.04
Description
I ran VLC with an invalid configuration file and got `std::bad_alloc()`.

The configuration file (`~/.config/vlc/vlc-qt-interface.conf`) originally works well:

```ini
[General]
filedialog-path=@Variant(\0\0\0\x11\0\0\0\r/home/user)
```

but the corrupted configuration file causes the bug:

```ini
[General]
filedialog-path=@Variant(\0\0\0\y11\0\0\0\r/home/user)
```

The invalid `@Variant()` in the configuration causes the bug.

The bug is triggered at `QSettingsPrivate::stringToVariant (s=...)`, qtbase/src/corelib/io/qsettings.cpp:501.

I think the whole configuration file is read and the `@Variant()` string is transformed into a `QVariant` object, and Qt is not fully handling every corner case.
Full stack trace:

```text
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7aa1859 in __GI_abort () at abort.c:79
#2  0x00007ffff3dc6911 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00007ffff3dd238c in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4  0x00007ffff3dd23f7 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5  0x00007ffff3dd26a9 in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x00007ffff1b481ef in qBadAlloc () at global/qglobal.cpp:3338
#7  0x00007ffff1bdda31 in QListData::detach (this=0x7ffff11179b0, alloc=822083584) at tools/qlist.cpp:138
#8  0x00007ffff1cb732b in QList<QByteArray>::detach_helper (this=0x7ffff11179b0, alloc=822083584) at ../../include/QtCore/../../src/corelib/tools/qlist.h:833
#9  0x00007ffff1cb6bac in QList<QByteArray>::reserve (this=0x7ffff11179b0, alloc=822083584) at ../../include/QtCore/../../src/corelib/tools/qlist.h:613
#10 0x00007ffff1e1f049 in QtPrivate::readArrayBasedContainer<QList<QByteArray> > (s=..., c=...) at ../../include/QtCore/../../src/corelib/serialization/qdatastream.h:253
#11 0x00007ffff1e1c507 in operator>><QByteArray> (s=..., l=...) at ../../include/QtCore/../../src/corelib/serialization/qdatastream.h:425
#12 0x00007ffff1e0f7d6 in (anonymous namespace)::FilteredOperatorSwitch<QList<QByteArray>, true>::load (stream=..., data=0x7ffff11179b0) at kernel/qmetatype.cpp:1461
#13 0x00007ffff1e08769 in (anonymous namespace)::LoadOperatorSwitch::delegate<QList<QByteArray> > (this=0x7ffff11178d0, data=0x7ffff11179b0) at kernel/qmetatype.cpp:1553
#14 0x00007ffff1e03c68 in QMetaTypeSwitcher::switcher<bool, (anonymous namespace)::LoadOperatorSwitch> (logic=..., type=49, data=0x7ffff11179b0) at kernel/qmetatypeswitcher_p.h:74
#15 0x00007ffff1e0165f in QMetaType::load (stream=..., type=49, data=0x7ffff11179b0) at kernel/qmetatype.cpp:1638
#16 0x00007ffff1e5a45d in QVariant::load (this=0x7ffff11179b0, s=...) at kernel/qvariant.cpp:2540
#17 0x00007ffff1e5a871 in operator>> (s=..., p=...) at kernel/qvariant.cpp:2614
#18 0x00007ffff1d4e867 in QSettingsPrivate::stringToVariant (s=...) at io/qsettings.cpp:501
#19 0x00007ffff1d53e5d in QConfFileSettingsPrivate::readIniSection (section=..., data=..., settingsMap=0x7fffd4059ae0, codec=0x0) at io/qsettings.cpp:1767
#20 0x00007ffff1d54ac2 in QConfFileSettingsPrivate::ensureSectionParsed (this=0x7fffd40598f0, confFile=0x7fffd4059ac0, key=...) at io/qsettings.cpp:1943
#21 0x00007ffff1d51e6f in QConfFileSettingsPrivate::get (this=0x7fffd40598f0, key=..., value=0x7ffff1117c10) at io/qsettings.cpp:1289
#22 0x00007ffff1d5630d in QSettings::value (this=0x7fffd4059860, key=..., defaultValue=...) at io/qsettings.cpp:3414
#23 0x00007ffff641fb30 in ?? () from /home/kimjuhi/foxfuzz/programs/vlc-ori/modules/.libs/libqt_plugin.so
#24 0x00007ffff641a34e in ?? () from /home/kimjuhi/foxfuzz/programs/vlc-ori/modules/.libs/libqt_plugin.so
#25 0x00007ffff640c070 in ?? () from /home/kimjuhi/foxfuzz/programs/vlc-ori/modules/.libs/libqt_plugin.so
#26 0x00007ffff7c7f609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#27 0x00007ffff7b9e133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
```
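Added worked example (not Qt's code and not part of the report): a Python model of how the INI unescaping and the Qt_4_0 `@Variant` stream header turn the two values above into a type id and a length prefix; the escape rules and the header layout are my reading of qsettings.cpp and qvariant.cpp and are assumptions, as is the 13-byte sample path chosen to match the `\r` length byte. Dropping `\y` leaves the literal `11` where the single byte 0x11 used to be, so the type id is read from `00 00 00 31` (49, the `QList<QByteArray>` in the trace) and the element count from `31 00 00 00` (822083584, the `alloc` value in frames #7-#9); comparing that length prefix against the bytes still in the stream before calling `reserve()` is the check that rejects the value instead of allocating.

```python
import struct

# Constructed samples: the two INI values from the report, with a 13-byte path
# so that the "\r" (13) length prefix in the page's value stays consistent.
GOOD = r"@Variant(\0\0\0\x11\0\0\0\r/home/someone)"
BAD = r"@Variant(\0\0\0\y11\0\0\0\r/home/someone)"

SIMPLE_ESCAPES = {'a': 7, 'b': 8, 'f': 12, 'n': 10, 'r': 13, 't': 9,
                  'v': 11, '"': 34, '?': 63, "'": 39, '\\': 92}


def ini_unescape(value: str) -> bytes:
    """Assumed model (not Qt's code) of QSettings INI unescaping: C-style
    escapes, \\x hex runs and \\0-\\7 octal runs; a backslash before any
    other character drops both characters, so "\\y11" collapses to "11"."""
    out, i = bytearray(), 0
    while i < len(value):
        ch, i = value[i], i + 1
        if ch != '\\':
            out.append(ord(ch))
            continue
        if i >= len(value):
            break
        ch, i = value[i], i + 1
        if ch in SIMPLE_ESCAPES:
            out.append(SIMPLE_ESCAPES[ch])
        elif ch == 'x' or ch in '01234567':
            digits, base = ('0123456789abcdefABCDEF', 16) if ch == 'x' else ('01234567', 8)
            start = i if ch == 'x' else i - 1
            while i < len(value) and value[i] in digits:
                i += 1
            if i > start:
                out.append(int(value[start:i], base) & 0xFF)
        # any other escaped character (here "\y") is skipped entirely
    return bytes(out)


def analyse_variant_value(raw: str):
    """Unescape, strip "@Variant(", then read the Qt_4_0 QVariant header:
    big-endian quint32 type id, then the quint32 length prefix (URL byte
    length for type 17, element count for type 49).  Returns
    (type_id, length, plausible); plausible is the bounds check a robust
    reader performs before reserving memory for the container."""
    data = ini_unescape(raw)
    assert data.startswith(b"@Variant(")
    payload = data[9:]                  # Qt keeps the trailing ")" in the stream
    type_id, length = struct.unpack_from(">II", payload, 0)
    remaining = len(payload) - 8
    return type_id, length, length <= remaining


if __name__ == "__main__":
    for raw in (GOOD, BAD):
        print(raw, "->", analyse_variant_value(raw))
```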