[Interest] Is it safe to use QDataStream to parse data from untrusted source?

Alexander Dyagilev alervdvcw at gmail.com
Thu May 12 17:30:16 CEST 2022


I use QDataStream to serialize QByteArray and QVariantHash (i.e. get 
QByteArray and QVariantHash objects from stream).

I use this to process data from connections in my own custom server 
(publicly accessible).

Is it safe to use QDataStream? E.g. can it crash / stack overflow / etc. 
on malformed data?

I've found ticket in which it's stated that one should not use 
QDataStream to parse data from untrused source. Is it still true?


More information about the Interest mailing list