Details
Type: Bug
Resolution: Done
Priority: P3: Somewhat important
Affects versions: 4.8.6, 5.3.2, 5.4.0
Environment:
  Debian/Jessie amd64 with qt-4.8.6 and qt-5.3.2
  OpenBSD-current amd64 with qt-4.8.6
Commit: 817800ad39df10ca78e2c965a61d4d2025df622b
Description
With specially crafted input (found with afl), QXmlStreamReader gets into an infinite loop consuming 100% CPU. To reproduce, compile the attached reader.cc and run it like this:
./reader input.xml
The second call to reader.readNext() won't return and enters an infinite loop.
When running in gdb and interrupted, the backtrace looks like this:
(gdb) bt
#0 0x00001dc2d8b9ae23 in QXmlStreamReaderPrivate::scanUntil () from /usr/local/lib/libQtCore.so.9.0
#1 0x00001dc2d8ba0c00 in QXmlStreamReaderPrivate::parse () from /usr/local/lib/libQtCore.so.9.0
#2 0x00001dc2d8ba5279 in QXmlStreamReader::readNext () from /usr/local/lib/libQtCore.so.9.0
#3 0x00001dc0a2b01935 in main () from /home/ralf/dev/qt/reader
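The report reproduces the hang by running the attached reader by hand and watching it spin. When a fuzzer such as afl produces many candidate inputs, that check is worth automating. The shell helper below is added here and is not part of the bug report or of Qt: it runs a reproducer under a wall-clock limit, classifies each run as hang, crash, error or ok from the exit status, and sweeps a directory of inputs (afl's hangs/ and crashes/ output directories are the natural targets). It assumes GNU coreutils `timeout` (present on Debian; on OpenBSD it would have to come from ports or be replaced by an equivalent wrapper); the limit, the directory and the reproducer command are parameters, and the directory name in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added triage helper; not from the bug report or Qt.
# Assumes GNU coreutils `timeout` (Debian ships it; on OpenBSD install it
# from ports or substitute an equivalent wrapper).

# classify_run LIMIT COMMAND [ARGS...]
# Runs COMMAND under a wall-clock limit of LIMIT seconds and prints one
# word describing the outcome: hang, crash, error or ok.
classify_run() {
    limit="$1"; shift
    rc=0
    # -s KILL: a process stuck in a tight parsing loop must not get the
    # chance to ignore or delay SIGTERM.
    timeout -s KILL "$limit" "$@" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)           echo ok ;;
        124|137)     echo hang ;;  # limit expired (137 = killed with SIGKILL)
        125|126|127) echo error ;; # timeout itself failed / command not runnable
        *)
            # 128+N means COMMAND died from signal N (134 SIGABRT, 139 SIGSEGV);
            # any other non-zero status is an ordinary error exit.
            if [ "$rc" -gt 128 ]; then echo crash; else echo error; fi ;;
    esac
}

# triage_dir LIMIT DIR COMMAND [ARGS...]
# Feeds every regular file in DIR to COMMAND as its last argument (the way
# ./reader input.xml takes its input) and prints "<class><TAB><file>" per file.
triage_dir() {
    limit="$1"; dir="$2"; shift 2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(classify_run "$limit" "$@" "$f")" "$f"
    done
}

# Usage (directory name is a placeholder): triage afl's hanging inputs
# against the reproducer from the report, allowing five seconds per run.
#   triage_dir 5 findings/hangs ./reader
```

Inputs that come back as `hang` are the ones to load into gdb and interrupt, as the report does; `crash` cases are worth keeping separately even when you were only hunting loops, since afl's hang and crash buckets are based on its own timeout and can disagree with a longer limit.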