Program crashes when using QString + QRegExp with certain input

I have this code:

    QByteArray QCurl::getEncoding() {
        long headerSize;
        // Size of the received headers, used below as the buffer size
        if (CURLE_OK != curl_easy_getinfo(j_ch, CURLINFO_HEADER_SIZE, &headerSize)) return "latin1";

        char *contentTypeC = new char[headerSize];
        // CURLINFO_CONTENT_TYPE takes a char** and stores a pointer into it
        if (CURLE_OK != curl_easy_getinfo(j_ch, CURLINFO_CONTENT_TYPE, &contentTypeC)) return "latin1";
        QString contentType = QString::fromLatin1(contentTypeC);
        delete []contentTypeC;
        // Extract the charset parameter from the Content-Type header
        QRegExp r("charset=([a-z0-9\\-]+)", Qt::CaseInsensitive);
        //if (r.indexIn(contentType) == -1) return "latin1";
        contentType = r.cap(1);
        // Return the charset only if Qt has a codec for it
        if (QTextCodec::codecForName(contentType.toLocal8Bit())) return contentType.toLocal8Bit();
        return "latin1";
    }

If I call this function one time it works fine. But if I call it several times it crashes with the message "*** glibc detected *** /home/tjx/projects/build-autoPoster-Desktop-Debug/autoPoster: double free or corruption (fasttop): 0x0000000000731140 **". The debugger shows that the crash is in r.indexIn(contentType) and contentType contains "\001\000\000". I thought that QString and QRegExp are safe classes that would protect against such things. Because the input comes from an untrusted source, I am wondering whether there is any way to protect against this, maybe by using another function to convert char -> QString; currently I use QString::fromLatin1 as you can see.
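An added example, not the poster's code: it models the ownership contract of `curl_easy_getinfo(..., CURLINFO_CONTENT_TYPE, char **)` (the library fills in a pointer to memory it owns, which the caller must copy but never free) with a stand-in handle, and checks the regex match before reading the capture. `FakeCurlHandle` and `fakeGetContentType` are assumed stand-ins for the libcurl handle and call, and the small allowlist stands in for `QTextCodec::codecForName`; it uses std::regex in place of QRegExp so it builds without Qt.

```cpp
// Added example: ownership-correct retrieval of a library-owned header string.
#include <cctype>
#include <regex>
#include <string>

// Stand-in for a libcurl easy handle: it owns the Content-Type string, as libcurl does.
struct FakeCurlHandle {
    std::string contentType;   // "" models "no Content-Type header received"
};

// Mimics curl_easy_getinfo(h, CURLINFO_CONTENT_TYPE, char **p): *p receives a
// pointer into handle-owned memory (or NULL). The caller must not delete it.
int fakeGetContentType(FakeCurlHandle *h, const char **out) {
    *out = h->contentType.empty() ? nullptr : h->contentType.c_str();
    return 0;   // models CURLE_OK
}

// Stand-in for QTextCodec::codecForName(): only names we can decode are accepted.
bool codecKnown(const std::string &name) {
    static const char *known[] = {"utf-8", "iso-8859-1", "latin1", "us-ascii", "windows-1252"};
    for (const char *k : known) if (name == k) return true;
    return false;
}

// Copies the library-owned string at once, then extracts and validates the charset.
// Returns "latin1" when the header is missing, has no charset, or names an unknown codec.
std::string getEncoding(FakeCurlHandle *h) {
    const char *raw = nullptr;                 // no new[]: the library supplies the pointer
    if (fakeGetContentType(h, &raw) != 0 || raw == nullptr) return "latin1";
    std::string contentType(raw);              // our own copy; raw is not ours to free

    static const std::regex re("charset=([a-z0-9-]+)", std::regex::icase);
    std::smatch m;
    if (!std::regex_search(contentType, m, re)) return "latin1";   // test the match before cap(1)
    std::string cs = m[1].str();
    for (char &c : cs) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return codecKnown(cs) ? cs : "latin1";
}
```

Calling `getEncoding` repeatedly on the same handle is safe here because nothing the library owns is ever deleted.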
