[Development] QtCS2019 Notes from "Fuzzing Qt" BoF session
Giuseppe D'Angelo
giuseppe.dangelo at kdab.com
Fri Nov 22 18:17:39 CET 2019
Il 21/11/19 13:13, Robert Loehning ha scritto:
> ** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression]
This should mostly be fuzzing libpcre itself...
Note that users should NEVER use / accept untrusted regular expressions.
While we shouldn't crash or exhaust memory, PCREs will happily exhibit
exponential backtracking behaviour, thus exposing applications to DOS
attacks. There's nothing we can do about that.
Thanks,
--
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4329 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.qt-project.org/pipermail/development/attachments/20191122/e53c59d9/attachment.bin>
More information about the Development
mailing list