[Interest] Is it safe to use QDataStream to parse data from untrusted source?
Alexander Dyagilev
alervdvcw at gmail.com
Thu May 12 20:41:54 CEST 2022
Thank you for the response!
Is it also true for Qt 5.12? I mean, was CBOR parser of it tested by the
Google Fuzzer project?
On 5/12/2022 7:27 PM, Thiago Macieira wrote:
> On Thursday, 12 May 2022 08:30:16 PDT Alexander Dyagilev wrote:
>> Is it safe to use QDataStream? E.g. can it crash / stack overflow / etc.
>> on malformed data?
> It's not safe.
>
> The XML, CBOR, and JSON parsers can parse untrusted data and are tested by the
> Google Fuzzer project to ensure we keep them that way.
>
More information about the Interest
mailing list