authorSlávek Banko <slavek.banko@axis.cz>2015-03-09 22:30:38 +0100
committerSlávek Banko <slavek.banko@axis.cz>2015-03-09 22:34:05 +0100
commit73584365f8600414fc5a114ec2f2d6750a7f77cc (patch)
tree9c090a742a5b88eef9db3316df74d06f5886c517 /src/xml/qxml.h
parenta0a411065dc5a258e44bab5ab53130036574c177 (diff)
Fix security issue CVE-2013-4549
[taken from RedHat Qt3 patches]
Diffstat (limited to 'src/xml/qxml.h')
-rw-r--r--src/xml/qxml.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/xml/qxml.h b/src/xml/qxml.h
index 11fbbdb..6d0bee8 100644
--- a/src/xml/qxml.h
+++ b/src/xml/qxml.h
@@ -307,6 +307,12 @@ private:
QXmlSimpleReaderPrivate* d;
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+ static const uint dtdRecursionLimit = 2U;
+ // The maximum amount of characters an entity value may contain, after expansion.
+ static const uint entityCharacterLimit = 65536U;
+
const QString &string();
void stringClear();
inline void stringAddC() { stringAddC(c); }
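Review bot: The comments on `dtdRecursionLimit` and `entityCharacterLimit` say what each constant counts but not what it protects against or how it is scoped, which a maintainer needs to know before changing either value. For the second one I would extend the comment along the lines of `// Guards against entity-expansion blow-up (CVE-2013-4549); counted in QString characters, per entity value, not per document.` The "per entity value" scope is inferred from the existing wording and should be confirmed against the check in the source file, which this page does not show. Both members are in-class initialised `static const uint`, so any use that binds one to a reference (for example a min/max template) needs an out-of-class definition, and none is visible here. The class body starts and ends outside the hunk.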
@@ -378,6 +384,7 @@ private:
void unexpectedEof( ParseFunction where, int state );
void parseFailed( ParseFunction where, int state );
void pushParseState( ParseFunction function, int state );
+ bool isExpandedEntityValueTooLarge(QString *errorMessage);
void setUndefEntityInAttrHack(bool b);
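Review bot: `isExpandedEntityValueTooLarge(QString *errorMessage)` is declared without a comment, and the signature alone does not give its contract. It is unclear whether `errorMessage` may be null, whether it is written only when the result is true, and whether a `true` return obliges the caller to abort parsing. A one-line comment above the declaration would settle this, for example `// Returns true if an entity's expanded value exceeds entityCharacterLimit; *errorMessage is set in that case.` That wording is a guess from the name and must be checked against the definition, which is outside this page. It is also worth stating that the result must be checked, since a caller that ignores it would silently bypass the limit.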