Bug
Resolution: Done
P2: Important
5.15
204b6c99089bcf7893be326e7d0076402b7abf0c (qt/qtbase/dev)
db0893a7e302fac1808a67541ef190293661348d (qt/qtbase/5.15)

In qcssparser.cpp:1701
features |= static_cast<int>(findKnownValue(d->values.value(i).variant.toString(), styleFeatures, NumKnownStyleFeatures));
styleFeatures is an array of length 3, and NumKnownStyleFeatures is 4. Inside findKnownValue() the array is accessed at index 3, which is an out-of-bounds access.
See screenshot for visualisation of the issue.
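
The count/length mismatch described in the report, modelled as an added example (not Qt's code and not the committed fix): a lookup that trusts a separately passed count is traced rather than executed, so no out-of-bounds read occurs, next to a variant that deduces the length from the array type. `KnownValue`, `Feature`, `kFeatures`, `firstOutOfBoundsIndex` and `findKnown` are hypothetical names, the table entries are constructed, and the linear scan is a simplification.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-ins for the pattern in the report; not Qt's code.
struct KnownValue { const char *name; unsigned id; };

// Flag-style enum: the "count" constant is 4, but only three values exist.
enum Feature { FeatureNone = 0, FeatureColor = 1, FeatureGradient = 2, NumFeatures = 4 };

// Constructed sample table with three entries.
static const KnownValue kFeatures[] = {
    {"background-color", FeatureColor},
    {"background-gradient", FeatureGradient},
    {"none", FeatureNone},
};

// Models a lookup that trusts a caller-supplied count. Instead of reading past
// the table, it returns the first index it would have read beyond `extent`,
// or -1 if the scan stays inside the table.
int firstOutOfBoundsIndex(const char *name, const KnownValue *table,
                          std::size_t claimedCount, std::size_t extent) {
    for (std::size_t i = 0; i < claimedCount; ++i) {
        if (i >= extent)
            return static_cast<int>(i);   // table[i] would be out of bounds
        if (std::strcmp(table[i].name, name) == 0)
            return -1;                    // match found before leaving the table
    }
    return -1;
}

// Hardened form: N is deduced from the array type, so a caller cannot pass a
// count that disagrees with the table's real length.
template <std::size_t N>
unsigned findKnown(const char *name, const KnownValue (&table)[N], unsigned fallback = 0) {
    for (std::size_t i = 0; i < N; ++i)
        if (std::strcmp(table[i].name, name) == 0)
            return table[i].id;
    return fallback;
}

int main() {
    std::printf("unmatched name, count=%d: first bad index %d\n", static_cast<int>(NumFeatures),
                firstOutOfBoundsIndex("no-such-feature", kFeatures, NumFeatures, 3));
    std::printf("hardened lookup of \"none\": %u\n", findKnown("none", kFeatures));
    return 0;
}
```

In this model the bad index is reached only when the name does not match an earlier entry, so whether the overread happens depends on the stylesheet value being parsed.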