Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-95188

Out-of-memory in QXmlStreamReader

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: P2: Important P2: Important
    • None
    • 6.0.4, 6.1.2, 6.3.0
    • XML: Stream Reader/Writer
    • Ubuntu 20.04 LTS
      g++ 9.3.0
      clang 10.0.0

      1. Build the attached project.
      2. To visualize the issue, restrict the available memory: 
        ulimit -Sv 3200000

        That's about 3GB.

      3. Run the resulting program and pass one of the attached xml files: 
        ./report 30924.xml

        You will see output like:

        terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Aborted (core dumped)

      On Qt 5.15, the program still finishes successfully with

      ulimit -Sv 2300000

      which is 28% less memory.

      Bisecting qtbase resulted in:

      There are only 'skip'ped commits left to test.
The first bad commit could be any of:
3398eeadf617880af38fb540f26273df87ba0b1f
8dc7761e6d490877af18949c0177097e5c857424
ecfb5d2d15e586c40ca2e8b097fb77821be8c884

      Google's oss-fuzz found these as issues 29302 and 30924.

        1. 29302.xml
          619 kB
        2. 30924.xml
          657 kB
        3. main.cpp
          0.2 kB
        4. report.pro
          0.0 kB
        For Gerrit Dashboard: QTBUG-95188
        # Subject Branch Project Status CR V
        488691,16 Improve XML stream errorString dev qt/qtbase Status: ABANDONED 0 0
        488960,37 QXmlStreamReader: Raise error on unexpected tokens dev qt/qtbase Status: MERGED +2 0
        490549,2 QXmlStreamReader: Raise error on unexpected tokens 6.6 qt/qtbase Status: MERGED +2 0
        490550,3 QXmlStreamReader: Raise error on unexpected tokens 6.5 qt/qtbase Status: MERGED +2 0
        490553,7 QXmlStreamReader: Raise error on unexpected tokens tqtc/lts-6.2 qt/tqtc-qtbase Status: MERGED +2 0
        490554,15 QXmlStreamReader: Raise error on unexpected tokens tqtc/lts-5.15 qt/tqtc-qtbase Status: MERGED +2 0
        490636,2 tst_QXmlStream::tokenErrorHandling() - register test directory in CMake dev qt/qtbase Status: MERGED +2 0
        490637,3 QXmlStreamReader: Fix variable naming dev qt/qtbase Status: MERGED +2 0
        490737,5 QXmlStreamReader: Fix variable naming 6.5 qt/qtbase Status: MERGED +2 0
        490738,2 QXmlStreamReader: Fix variable naming 6.6 qt/qtbase Status: MERGED +2 0
        490739,2 tst_QXmlStream::tokenErrorHandling() - register test directory in CMake 6.6 qt/qtbase Status: MERGED +2 0
        490740,7 tst_QXmlStream::tokenErrorHandling() - register test directory in CMake 6.5 qt/qtbase Status: MERGED +2 0
        490763,6 tst_QXmlStream::tokenErrorHandling() - register test directory in CMake tqtc/lts-5.15 qt/tqtc-qtbase Status: MERGED +2 0
        490764,6 tst_QXmlStream::tokenErrorHandling() - register test directory in CMake tqtc/lts-6.2 qt/tqtc-qtbase Status: MERGED +2 0
        492442,3 QXmlStreamReader: Fix translation context of error messages dev qt/qtbase Status: MERGED +2 0
        492471,2 QXmlStreamReader: Fix translation context of error messages 6.5 qt/qtbase Status: MERGED +2 0
        492472,2 QXmlStreamReader: Fix translation context of error messages 6.6 qt/qtbase Status: MERGED +2 0

            thiago Thiago Macieira
            rlohning Robert Löhning
            Vladimir Minenko Vladimir Minenko
            Alex Blasche Alex Blasche
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: