[Interest] QTextEdit and Derivatives - Security Question
coroberti
coroberti at gmail.com
Wed May 6 10:10:08 CEST 2026
On Mon, May 4, 2026 at 11:16 AM Shawn Rutledge via Interest <interest at qt-project.org> wrote:
>
> > On May 4, 2026, at 07:15, coroberti <coroberti at gmail.com> wrote:
> >
> > Hi,
> > When loading by mistake (or deliberately) an exe file, i.e. renamed
> > extension to txt, to an app example
> > using the class QTextEdit, the editor hangs attempting the load.
> >
> > The question is whether it qualifies for a security issue?
>
> It’s at least worth reporting a bug, I think. Does this happen with just
> about any binary, or you only tried once?
>
> We have multiple parsers; I suppose any of them could have bad behavior
> when trying to load binaries as text. But we have oss-fuzz: it’s supposed
> to find such cases, and then we need to keep up with fixing what it finds.
> Predictably, the more complex parsers have more bugs; and it’s not a lot.
>
>
It's a well reproducible issue: I've tried several exe files (PE) on
Windows.
PE, ELF, DLLs, etc. all have well-defined headers and allow detection - m2c.
It might be better to detect the real file type earlier than to rely on
later parsers' logic.
Kind regards,
Robert
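
The header-based detection suggested in the message above, sketched as an added example (not part of the original post and not Qt code): it classifies the first bytes of a file before any text parser sees them. The names `Sniffed`, `sniffHeader` and `safeToLoadAsText` are hypothetical, and the NUL-byte fallback assumes 8-bit or UTF-8 text.

```cpp
#include <cstdint>
#include <fstream>
#include <iostream>
#include <string>

enum class Sniffed { Text, ELF, PE, OtherBinary };  // hypothetical names, not Qt API

// Little-endian 32-bit read; caller guarantees off + 4 <= buf.size().
static std::uint32_t le32(const std::string &buf, std::size_t off) {
    std::uint32_t v = 0;
    for (int i = 3; i >= 0; --i)
        v = (v << 8) | static_cast<unsigned char>(buf[off + i]);
    return v;
}

// Classify the leading bytes of a file before any text parser sees them.
Sniffed sniffHeader(const std::string &head) {
    // ELF magic: 0x7F 'E' 'L' 'F'
    if (head.size() >= 4 && head.compare(0, 4, "\x7f" "ELF", 4) == 0)
        return Sniffed::ELF;
    // PE (EXE and DLL): "MZ" stub, e_lfanew at 0x3C points at "PE\0\0".
    if (head.size() >= 0x40 && head[0] == 'M' && head[1] == 'Z') {
        const std::uint32_t peOff = le32(head, 0x3C);
        // Bounds-check the file-supplied offset before using it.
        if (peOff <= head.size() - 4 &&
            head.compare(peOff, 4, std::string("PE\0\0", 4)) == 0)
            return Sniffed::PE;
    }
    // Fallback: a NUL byte does not occur in 8-bit or UTF-8 text.
    // (UTF-16 text would need BOM handling first; omitted here.)
    if (head.find('\0') != std::string::npos)
        return Sniffed::OtherBinary;
    return Sniffed::Text;
}

bool safeToLoadAsText(const std::string &head) {
    return sniffHeader(head) == Sniffed::Text;
}

int main(int argc, char **argv) {
    if (argc < 2) return 2;
    std::ifstream in(argv[1], std::ios::binary);
    std::string head(4096, '\0');
    in.read(&head[0], static_cast<std::streamsize>(head.size()));
    head.resize(static_cast<std::size_t>(in.gcount()));
    std::cout << (safeToLoadAsText(head) ? "text\n" : "binary, refuse\n");
    return safeToLoadAsText(head) ? 0 : 1;
}
```

A file that merely starts with the letters "MZ" but has no valid PE signature falls through to the NUL-byte check, so ordinary text is not rejected on the two-byte prefix alone.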