[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin

Albert Astals Cid Mon, 11 Sep 2023 13:58:21 -0700

https://bugs.kde.org/show_bug.cgi?id=469458


Albert Astals Cid <aa...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Latest Commit|https://invent.kde.org/netw |https://invent.kde.org/netw
                   |ork/kio-extras/-/commit/3bd |ork/kio-extras/-/commit/cf5
                   |4906f2e37456eb296a527913b30 |d29ae48c627d6299638a5c535f5
                   |5ba472b761                  |d8c2ae36fa

--- Comment #9 from Albert Astals Cid <aa...@kde.org> ---
Git commit cf5d29ae48c627d6299638a5c535f5d8c2ae36fa by Albert Astals Cid, on
behalf of Daniel Schulte.
Committed on 11/09/2023 at 22:57.
Pushed by aacid into branch 'release/23.08'.

thumbnail: Fix heap-use-after-free in AudioCreator::create

There is a heap-use-after-free issue in `AudioCreator::create` resulting from
storing the pointer to a temporary `QByteArray`'s data() in a pointer and
accessing it after the byte-array has been freed (when the the temporary object
was created on is over).

This fixes it by moving the `QByteArray` onto the stack, thus making it not
temporary anymore, keeping it around until its data isn't needed anymore.
(cherry picked from commit 3bd4906f2e37456eb296a527913b305ba472b761)

M  +2    -1    thumbnail/audiocreator.cpp

https://invent.kde.org/network/kio-extras/-/commit/cf5d29ae48c627d6299638a5c535f5d8c2ae36fa

-- 
You are receiving this mail because:
You are watching all bug changes.

[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin

Reply via email to