On Fri, Nov 22, 2019 at 04:19:21PM +0000, Kai Koehne wrote:
> Anyhow, QCommandLineParser processes command line arguments from the
> outside. These command line arguments might come from other tools,
> output ... so it should be really robust in handling these.

"from the outside" is not the qualifier - "untrusted" is. and any
application that passes on untrusted (not pre-validated) input to
another one is beyond hope.

> QTranslator: The API is unfortunate in that the default directory where
> translations are looked up is QDir::currentPath()...

uhm, that requires a more fundamental fix then - you certainly can see
how displaying arbitrary messages might be a security risk in itself,
irrespective of whether the .qm reader is safe or not.