Qt Base (Core, Gui, Widgets, Network, ...)
Shawn Rutledge 2598674694 QTextMarkdownImporter: Fix heap-buffer-overflow
After finding the end marker `---`, the code expected more characters
beyond: typically at least a trailing newline. But QStringView::sliced()
crashes if asked for a substring that starts at or beyond the end.

Now it's restructured into a separate splitFrontMatter() function, and
we're stricter, tolerating only `---\n` or `---\r\n` as marker lines.
So the code is easier to prove correct, and we don't need to check
characters between the end of the marker and the end of the line
(to allow inadvertent whitespace, for example). If the markers are
not valid, the Markdown parser will see them as thematic breaks,
as it would have done if we were not extracting the Front Matter
beforehand.

Amends e10c9b5c0f and
bffddc6a99

Credit to OSS-Fuzz which found this as issue 42533775.

[ChangeLog][QtGui][Text] Fixed a heap buffer overflow in
QTextMarkdownImporter. The first marker for Front Matter
must begin at the first character of a Markdown document,
and both markers must be exactly ---\n or ---\r\n.

Done-with: Marc Mutz <marc.mutz@qt.io>
Fixes: QTBUG-135284
Pick-to: dev 6.9 6.8
Change-Id: I66412d21ecc0c4eabde443d70865ed2abad86d89
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
2025-03-28 12:18:37 +01:00
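
The strict marker rule from the commit message above, sketched as an added example (not Qt's code): `std::string_view` stands in for `QStringView`, and `SplitResult` and `markerLength()` are hypothetical names; only `splitFrontMatter()` is named in the commit, and its real signature may differ.

```cpp
#include <cstddef>
#include <iostream>
#include <string_view>

// Added example: std::string_view stands in for QStringView.
struct SplitResult {
    bool found;                   // true only when both markers are valid
    std::string_view frontMatter; // text between the two marker lines
    std::string_view rest;        // what the Markdown parser should see
};

// Length of a marker line ("---\n" or "---\r\n") at pos, or 0 if there is none.
// substr() clamps the count to the remaining length, so a document that ends
// in "---" without a newline is rejected rather than read past its end.
static std::size_t markerLength(std::string_view text, std::size_t pos)
{
    if (pos >= text.size())
        return 0;
    const std::string_view tail = text.substr(pos);
    if (tail.substr(0, 4) == "---\n")
        return 4;
    if (tail.substr(0, 5) == "---\r\n")
        return 5;
    return 0;
}

SplitResult splitFrontMatter(std::string_view doc)
{
    const SplitResult none{false, {}, doc}; // markers stay in the Markdown input
    const std::size_t open = markerLength(doc, 0); // must be the very first bytes
    if (open == 0)
        return none;
    for (std::size_t line = open; line < doc.size();) {
        if (const std::size_t close = markerLength(doc, line))
            return {true, doc.substr(open, line - open), doc.substr(line + close)};
        const std::size_t nl = doc.find('\n', line);
        if (nl == std::string_view::npos)
            break; // final line has no newline, so it cannot be a marker
        line = nl + 1;
    }
    return none;
}

int main()
{
    const SplitResult r = splitFrontMatter("---\ntitle: x\n---"); // constructed input
    std::cout << (r.found ? "front matter" : "no front matter") << '\n';
}
```
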
.github/workflows
LICENSES Add REUSE.toml files 2024-11-05 14:36:16 +01:00
bin CMake: Don't hard-code "libexec" in qt-configure-module 2024-08-16 12:36:35 +02:00
cmake Android: bump Android target API level to 35 2025-03-07 05:57:16 +00:00
coin Coin: Extend VxWorks restart matching to RTPLib errors 2025-02-21 14:52:54 +00:00
config.tests Enable broken_threadlocal_dtors for VxWorks 2024-11-05 14:36:17 +01:00
dist Add REUSE.toml files 2024-11-05 14:36:16 +01:00
doc Doc: Use Qt Design System colors also in help CSS 2025-03-05 08:08:26 +00:00
examples Docs: Create \Q4A macro for "Qt for Android" and replace instances 2025-03-02 07:10:47 +00:00
lib
libexec Android: fix warnings in runner script 2024-12-03 20:18:21 +00:00
mkspecs Android: bump Android target API level to 35 2025-03-07 05:57:16 +00:00
qmake Android: bump Android target API level to 35 2025-03-07 05:57:16 +00:00
src QTextMarkdownImporter: Fix heap-buffer-overflow 2025-03-28 12:18:37 +01:00
tests QTextMarkdownImporter: Fix heap-buffer-overflow 2025-03-28 12:18:37 +01:00
util Update UCD to Unicode 16.0.0 2025-02-10 21:26:21 +00:00
.cmake.conf CMake: Increase minimum required CMake version to 3.22 2024-12-02 16:01:44 +01:00
.gitattributes
.gitignore
.lgtm.yml
.tag
CMakeLists.txt
REUSE.toml Correct doc/images licensing 2025-02-18 13:12:18 +00:00
config_help.txt Introduce emoji-segmenter to 3rdparty code 2024-11-18 15:52:13 +01:00
configure
configure.bat configure.bat: Use call when calling the helper cmake scripts 2025-01-30 21:18:49 +00:00
configure.cmake Add `_qt_internal_set_source_file_generated` function 2025-02-17 16:13:53 +00:00
dependencies.yaml
licenseRule.json Correct doc/images licensing 2025-02-18 13:12:18 +00:00
qt_cmdline.cmake configure: Fix the -sbomdir argument 2025-02-21 10:52:15 +00:00