• xmunk
    link
    fedilink
    arrow-up
    2
    arrow-down
    3
    ·
    7 months ago

    Vanishingly small. In Qt that’d have to be an issue in QStringList IIRC.

    • arendjr@programming.dev
      link
      fedilink
      arrow-up
      5
      arrow-down
      2
      ·
      edit-2
      7 months ago

      That’s certainly not the case, because that’s like saying the issue is with Rust’s string slices. I think you may have missed the part of the issue where batch scripts require additional escaping due to Windows’ command handling. It’s a ridiculous design of the Windows API system, which is also why (almost?) every language they tested was vulnerable, so it would be actually very outstanding if Qt prevented this.

      For C++ devs not using Qt it’s just another footgun they’ll likely keep introducing security issues with as well. But if you do use Qt, I think it’s better to double-check since it may also require a patch.