Program crashes when using QString + QRegExp with certain input
I have this code:
@
QByteArray QCurl::getEncoding() {
    long headerSize;
    if (CURLE_OK != curl_easy_getinfo(j_ch, CURLINFO_HEADER_SIZE, &headerSize))
        return "latin1";

    char *contentTypeC = new char[headerSize];
    if (CURLE_OK != curl_easy_getinfo(j_ch, CURLINFO_CONTENT_TYPE, &contentTypeC))
        return "latin1";

    QString contentType = QString::fromLatin1(contentTypeC);
    delete []contentTypeC;

    QRegExp r("charset=([a-z0-9\\-]+)", Qt::CaseInsensitive);
    r.indexIn(contentType);
    //if (r.indexIn(contentType) == -1) return "latin1";
    contentType = r.cap(1);

    if (QTextCodec::codecForName(contentType.toLocal8Bit()))
        return contentType.toLocal8Bit();
    return "latin1";
}
@

If I call this function one time it works fine. But if I call it several times it crashes with the message "*** glibc detected *** /home/tjx/projects/build-autoPoster-Desktop-Debug/autoPoster: double free or corruption (fasttop): 0x0000000000731140 **". The debugger shows that the crash is in r.indexIn(contentType) and contentType contains "\001\000\000". I thought that QString and QRegExp are safe classes that will protect against such things. Because the input comes from an untrusted source, I am wondering whether there is any way to protect against this, maybe by using another function to convert char -> QString; currently I use QString::fromLatin1 as you can see.
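The getinfo-and-parse step from the post, as an added example that is not the poster's code: libcurl's CURLINFO_CONTENT_TYPE stores a pointer to a buffer libcurl owns (or NULL when no Content-Type was received), so the caller declares a plain pointer, never allocates a buffer for it and never frees it. The stand-in fakeGetContentType, the allowlist standing in for QTextCodec::codecForName, and the sample Content-Type values are constructed for this example.

```cpp
#include <cctype>
#include <regex>
#include <string>

// Constructed stand-in for curl_easy_getinfo(h, CURLINFO_CONTENT_TYPE, &ptr):
// like libcurl, it hands back a pointer to memory *it* owns, or nullptr when
// the server sent no Content-Type. The caller must not new[] a buffer for it
// and must never delete[] the pointer it receives.
static const char *g_lastContentType = nullptr;
static void fakeGetContentType(const char **out) { *out = g_lastContentType; }

// Parse the charset parameter out of a Content-Type value received from an
// untrusted server. Accepts a possibly-null borrowed pointer, matches the
// parameter name case-insensitively, tolerates a quoted value, and falls back
// to "latin1" when nothing usable (or nothing recognised) is present.
std::string charsetFromContentType(const char *contentType) {
    if (contentType == nullptr) return "latin1";
    static const std::regex re("charset=\"?([A-Za-z0-9_.:-]+)\"?",
                               std::regex::icase);
    std::cmatch m;
    if (!std::regex_search(contentType, m, re)) return "latin1";
    std::string cs = m[1].str();

    // Constructed stand-in for QTextCodec::codecForName(): only hand back a
    // name we know a codec exists for, so arbitrary server input never
    // becomes the encoding name used downstream.
    static const char *known[] = {"utf-8", "iso-8859-1", "latin1",
                                  "windows-1252", "us-ascii"};
    std::string lower;
    for (char c : cs)
        lower.push_back(static_cast<char>(std::tolower(static_cast<unsigned char>(c))));
    for (const char *k : known)
        if (lower == k) return cs;
    return "latin1";
}

// Correct ownership pattern: a plain pointer the library fills in, read
// through it while the handle is alive, and no delete[] afterwards.
std::string getEncoding() {
    const char *ct = nullptr;
    fakeGetContentType(&ct);
    return charsetFromContentType(ct);
}
```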