On Mon, May 4, 2026 at 11:16 AM Shawn Rutledge via Interest < [email protected]> wrote:
> > > On May 4, 2026, at 07:15, coroberti <[email protected]> wrote: > > > > Hi, > > When loading by mistake (or deliberately) an exe file, i.e. renamed > extension to txt, to an app example > > using the class QTextEdit, the editor hangs attempting the load. > > > > The question is whether it qualifies for a security issue? > > It’s at least worth reporting a bug, I think. Does this happen with just > about any binary, or you only tried once? > > We have multiple parsers; I suppose any of them could have bad behavior > when trying to load binaries as text. But we have oss-fuzz: it’s supposed > to find such cases, and then we need to keep up with fixing what it finds. > Predictably, the more complex parsers have more bugs; and it’s not a lot. > > It's a well reproducible issue: I've tried several exe files (PE) on Windows. PE, ELF, DLLs, etc. all have well-defined headers and allow detection - m2c. It might be better to detect the real file-type earlier than rely on a later parsers' logic. Kind regards, Robert
_______________________________________________ Interest mailing list [email protected] https://lists.qt-project.org/listinfo/interest
