| author | Fabian Kosmale <fabian.kosmale@qt.io> | 2023-09-21 09:50:27 +0200 |
|---|---|---|
| committer | Fabian Kosmale <fabian.kosmale@qt.io> | 2023-10-06 09:40:24 +0200 |
| commit | 7a3db863f4edda12a8dda36b807ef64e98f2046f (patch) | |
| tree | 35c1702409d949e9cacd3f2c105e565c06e9f426 /src/qml/jsruntime/qv4compilationunitmapper_win.cpp | |
| parent | 6f05fa24665ea700da85f06360e50fb2d4b59861 (diff) | |
QML diskcache: Verify cache file size
We can't rely on the checksum verification, as we still assume that we
can read all bytes in the range claimed by the unit's header.
If for some reason the cache file has been truncated, that will lead to
crashes due to out-of-bound reads.
As we already store the unit's size in the header, use it for an initial
verification before doing any further work.
Initial test case was provided by Harald Sitter <sitter@kde.org>.
Pick-to: 6.6 6.5 6.2 5.15
Fixes: QTBUG-117130
Change-Id: Idd20191ed0e0ef9c37985c4c64124578f0607ad3
Reviewed-by: Semih Yavuz <semih.yavuz@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Diffstat (limited to 'src/qml/jsruntime/qv4compilationunitmapper_win.cpp')
| -rw-r--r-- | src/qml/jsruntime/qv4compilationunitmapper_win.cpp | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/qml/jsruntime/qv4compilationunitmapper_win.cpp b/src/qml/jsruntime/qv4compilationunitmapper_win.cpp index 2ea54ce286..9ac4085453 100644 --- a/src/qml/jsruntime/qv4compilationunitmapper_win.cpp +++ b/src/qml/jsruntime/qv4compilationunitmapper_win.cpp @@ -50,6 +50,23 @@ CompiledData::Unit *CompilationUnitMapper::open(const QString &cacheFileName, co // Data structure and qt version matched, so now we can access the rest of the file safely. + /* Error out early on file corruption. We assume we can read header.unitSize bytes + later (even before verifying the checksum), potentially causing out-of-bound + reads + Also, no need to wait until checksum verification if we know beforehand + that the cached unit is bogus + */ + LARGE_INTEGER fileSize; + if (!GetFileSizeEx(handle, &fileSize)) { + *errorString = QStringLiteral("Could not determine file size"); + return nullptr; + } + if (header.unitSize != fileSize.QuadPart) { + *errorString = QStringLiteral("Potential file corruption, file too small"); + return nullptr; + } + + HANDLE fileMappingHandle = CreateFileMapping(handle, 0, PAGE_READONLY, 0, 0, 0); if (!fileMappingHandle) { *errorString = qt_error_string(GetLastError()); |
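Review bot: The new check `if (header.unitSize != fileSize.QuadPart)` rejects any size mismatch, but its error string says "Potential file corruption, file too small", which is misleading when the file is larger than the header claims. Either word the message neutrally (for example "file size does not match unit size") or, if trailing bytes are meant to be tolerated, compare with `<` so the code matches both the message and the commit description, which only mentions truncation. Two smaller points in the same block: the comment runs "reads" straight into "Also" without a full stop, and the hunk leaves two consecutive blank lines before `HANDLE fileMappingHandle`.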
