CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow
CVE-2025-3512 concerns a Front Matter buffer overflow in the Qt Base QTextMarkdownImporter component; the discussion focuses on the tendency to mislabel OOB (out-of-bounds) reads as buffer overflows and suggests improving AddressSanitizer's terminology to avoid the confusion. 2025-4-25 15:49:0 Author: seclists.org

oss-sec mailing list archives


From: Jacob Bachmeyer <jcb62281 () gmail com>
Date: Thu, 24 Apr 2025 23:47:30 -0500

On 4/24/25 19:08, Solar Designer wrote:
> On Thu, Apr 24, 2025 at 09:06:26PM +0200, Jakub Wilk wrote:
>> * Solar Designer <solar () openwall com>, 2025-04-24 20:32:
>>> There appears to be a growing trend towards calling OOB reads "buffer
>>> overflows".
>> Part of the problem may be that AddressSanitizer uses this unfortunate
>> terminology; you get something like this:
>>
>>      ==7802==ERROR: AddressSanitizer: stack-buffer-overflow on address
>>      0xf5f00021 at pc 0xf79c113e bp 0xfff496e8 sp 0xfff492c4
>>      READ of size 2 at 0xf5f00021 thread T0
> Yes, this may very well be the main cause of this trend.  Is someone
> reading this in a position to change the wording in AddressSanitizer?
> For example, it could have "stack out-of-bounds read" in place of
> "stack-buffer-overflow" above.

On a guess that the same message fragment is used for both reads and writes, how about "stack-bound-violation" instead of "stack-buffer-overflow"?  It is even the same length.


-- Jacob
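As an added illustration (not part of the thread and not AddressSanitizer's own code): the access direction that the thread wants in the headline is already present on the report's second line ("READ of size 2"), so a triage script can derive the proposed wording from the existing output. The mapping table, the function name and the extra heap/global labels are my own assumptions about which ASan bug types are bounds errors.

```python
import re

# Sample input: the report lines quoted in the thread, reproduced verbatim.
SAMPLE_REPORT = """\
==7802==ERROR: AddressSanitizer: stack-buffer-overflow on address
0xf5f00021 at pc 0xf79c113e bp 0xfff496e8 sp 0xfff492c4
READ of size 2 at 0xf5f00021 thread T0
"""

# ASan bug types that are bounds violations and that the report labels
# "...-buffer-overflow" whether the access was a read or a write
# (assumed mapping; the thread only shows the stack case).
_BOUNDS_TYPES = {
    "stack-buffer-overflow": "stack",
    "stack-buffer-underflow": "stack",
    "heap-buffer-overflow": "heap",
    "global-buffer-overflow": "global",
}

_ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address")
_ACCESS_RE = re.compile(r"^(?P<dir>READ|WRITE) of size (?P<size>\d+)", re.M)


def describe_asan_report(text):
    """Return (asan_label, access, size, proposed_label) for an ASan report.

    proposed_label follows the wording suggested in the thread: name the
    memory region and the access direction ("stack out-of-bounds read")
    instead of the direction-agnostic "stack-buffer-overflow".  Reports
    whose type is not a bounds error (e.g. heap-use-after-free) keep the
    label ASan printed.
    """
    err = _ERROR_RE.search(text)
    if err is None:
        raise ValueError("not an AddressSanitizer error report")
    kind = err.group("kind")
    acc = _ACCESS_RE.search(text)
    direction = acc.group("dir").lower() if acc else None
    size = int(acc.group("size")) if acc else None
    region = _BOUNDS_TYPES.get(kind)
    if region is None or direction is None:
        proposed = kind
    else:
        proposed = f"{region} out-of-bounds {direction}"
    return kind, direction, size, proposed


if __name__ == "__main__":
    print(describe_asan_report(SAMPLE_REPORT))
```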

Source: https://seclists.org/oss-sec/2025/q2/93