[Interest] Is it safe to use QDataStream to parse data from untrusted source?
Thiago Macieira
thiago.macieira at intel.com
Fri May 13 15:26:19 CEST 2022
On Thursday, 12 May 2022 12:41:54 MDT Alexander Dyagilev wrote:
> Thank you for the response!
>
> Is it also true for Qt 5.12? I mean, was CBOR parser of it tested by the
> Google Fuzzer project?
I don't remember when we started, but we treat all parsing issues that lead to
crashes or anything worse as security issues and fix retroactively. Since 5.12
is and has been closed for a while now, it may not have all the fixes; you
should look at Qt's list of security issues and apply any remaining patches
yourself.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Cloud Software Architect - Intel DCAI Cloud Engineering
More information about the Interest
mailing list