Dirk Mueller reported an off-by-one buffer overflow flaw in the way Qt parses
certain Unicode strings.
To quote Dirk:
I've found an off-by-one buffer overflow in QUtf8Decoder::toUnicode().
It is not exploitable with Qt 4.x or above because there is an
additional QChar(0) being allocated in QString, however it is still a
bug there, as the array returned by utf16() etc is no longer
Created attachment 181821
Proposed patch for QT3
Created attachment 181841
Proposed patch for QT4
public, removing embargo
This issue was addressed in:
Red Hat Enterprise Linux: