[Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

Giuseppe D'Angelo giuseppe.dangelo at kdab.com
Fri Nov 22 18:17:39 CET 2019

Il 21/11/19 13:13, Robert Loehning ha scritto:
> ** [https://doc.qt.io/qt-5/qregularexpression.html  QRegularExpression]

This should mostly be fuzzing libpcre itself...

Note that users should NEVER use / accept untrusted regular expressions. 
While we shouldn't crash or exhaust memory, PCREs will happily exhibit 
exponential backtracking behaviour, thus exposing applications to DOS 
attacks. There's nothing we can do about that.

Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4329 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.qt-project.org/pipermail/development/attachments/20191122/e53c59d9/attachment.bin>

More information about the Development mailing list