Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72937

heap-buffer-overflow when passing invalid input to QTextDocument::setMarkdown

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • None
    • Some future release
    • GUI: Text handling
    • Ubuntu 18.04 LTS 64 bit
      gcc 7.3.0
      clang 6.0

    Description

      1. Build the attached demo project on a Qt version built with "-sanitize address": 
        #include <QFile>
#include <QTextDocument>

int main(int argc, char *argv[])
{
    QFile f(argv[1]);
    f.open(QFile::ReadOnly);
    QTextDocument().setMarkdown(f.readAll());
    return 0;
}

        Of course, this requires https://codereview.qt-project.org/214843/.

      2. Run it passing the filename of the attached malformed file as first parameter.
        The program crashes and writes command line output about the overflow.

      Attachments

        1. QTBUG-72937.md
          0.0 kB
        2. overflow.out
          6 kB
        3. markdown.zip
          0.6 kB

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-73938 fuzzing failure in md4c / QTextMarkdownImporter

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed

          Activity

            People

              srutledg Shawn Rutledge
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: