diff options
| author | Slávek Banko <slavek.banko@axis.cz> | 2015-03-09 22:30:38 +0100 |
|---|---|---|
| committer | Slávek Banko <slavek.banko@axis.cz> | 2015-03-09 22:38:56 +0100 |
| commit | 2383ee57b0ca9f342f34cf46f57eb3a407ed79ab (patch) | |
| tree | 46a48d7248f4e73acde6a2e6fe8d6164a4601bfb /src/xml/qxml.h | |
| parent | cdabaf42b0dff3d4bc62572bf12e324eb11fec0b (diff) | |
| download | qt3-2383ee57b0ca9f342f34cf46f57eb3a407ed79ab.tar.gz qt3-2383ee57b0ca9f342f34cf46f57eb3a407ed79ab.zip | |
Fix security issue CVE-2013-4549
[taken from RedHat Qt3 patches]
(cherry picked from commit 73584365f8600414fc5a114ec2f2d6750a7f77cc)
Diffstat (limited to 'src/xml/qxml.h')
| -rw-r--r-- | src/xml/qxml.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/xml/qxml.h b/src/xml/qxml.h index 11fbbdb..6d0bee8 100644 --- a/src/xml/qxml.h +++ b/src/xml/qxml.h @@ -307,6 +307,12 @@ private: QXmlSimpleReaderPrivate* d; + // The limit to the amount of times the DTD parsing functions can be called + // for the DTD currently being parsed. + static const uint dtdRecursionLimit = 2U; + // The maximum amount of characters an entity value may contain, after expansion. + static const uint entityCharacterLimit = 65536U; + const QString &string(); void stringClear(); inline void stringAddC() { stringAddC(c); } @@ -378,6 +384,7 @@ private: void unexpectedEof( ParseFunction where, int state ); void parseFailed( ParseFunction where, int state ); void pushParseState( ParseFunction function, int state ); + bool isExpandedEntityValueTooLarge(QString *errorMessage); void setUndefEntityInAttrHack(bool b); |