[SOLVED] Possible security threat in Qt 5.3.2 installer?
-
Hi guys!
This morning I ran my AVG antivirus from Windows 7, and I got a message related to a possible threat in some file of my Qt installation directory:
http://www.maefloresta.com/portal/files/virus_alert.png
There isn't detailed info about the issue:
http://www.avgthreatlabs.com/virus-and-malware-information/content/generic-virus/?name=@EID_Id_xmlEntityRefMax&utm_source=TDPU&utm_medium=SCAN&PRTYPE=ISI just wonder whether this is an actual security problem or not.
Thank you!
PS: Of course, I downloaded the installer from the official Qt website.
-
I doubt that. It detects a possible "XML bomb":http://en.wikipedia.org/wiki/Billion_laughs
Qt probably has some big xml expansion somewhere and the AV is tripped by that. Which file it actually points to?
You can run the installer and see if memory usage skyrockets. If it doesn't then you're fine. The worst case - eats too much RAM and you just kill it.
EDIT: There is one such expansion in the tests: Src\qtbase\tests\auto\xml\sax\qxmlsimplereader\xmldocs\internal-entity-polynomial-attribute.xml, but that is the purpose of the test so no problem there.
