From 1ace2d21f92cd9f8b09ab974ef9abf5c89463ea0 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Wed, 7 Sep 2022 16:47:49 +0200
Subject: [PATCH] qUncompress: use existing MaxByteArraySize
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... instead of rolling your own.

Since MaxByteArraySize already adjusts for the trailing NUL byte in
QByteArray, the odd 'len >= max' now become a more natural 'len >
max'.

Rename the limit variable to MaxDecompressedSize, which is more
specific, and remove comments that now look out of place.

As a drive-by, re-arrange an else branch that, had it stayed, would
have required an adjusted if branch to require braces around a
single-line statement.

Task-number: QTBUG-104972
Change-Id: I6805dab8391b7e51db30d99b1b8968434062d12d
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
(cherry picked from commit b84f4be6b78feec617b8d97b00a8231c15d83f67)
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
 src/corelib/text/qbytearray.cpp | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/src/corelib/text/qbytearray.cpp b/src/corelib/text/qbytearray.cpp
index a3aecd282c6..c3342616589 100644
--- a/src/corelib/text/qbytearray.cpp
+++ b/src/corelib/text/qbytearray.cpp
@@ -632,11 +632,9 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
     size_t expectedSize = size_t((data[0] << 24) | (data[1] << 16) |
                                  (data[2] <<  8) | (data[3]      ));
     size_t len = qMax(expectedSize, 1ul);
-    constexpr size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data);
-    if (len >= maxPossibleSize) {
-        // QByteArray does not support that huge size anyway.
+    constexpr size_t MaxDecompressedSize = size_t(MaxByteArraySize);
+    if (len > MaxDecompressedSize)
         return invalidCompressedData();
-    }
 
     Q_ASSERT(len <= size_t((std::numeric_limits<qsizetype>::max)()));
     QByteArray::DataPointer d(QByteArray::Data::allocate(qsizetype(len)));
@@ -662,18 +660,16 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
             return QByteArray();
 
         case Z_BUF_ERROR:
-            static_assert(maxPossibleSize <= (std::numeric_limits<decltype(len)>::max)() / 2,
+            static_assert(MaxDecompressedSize <= (std::numeric_limits<decltype(len)>::max)() / 2,
                           "oops, next line may overflow");
             len *= 2;
-            if (len >= maxPossibleSize) {
-                // QByteArray does not support that huge size anyway.
+            if (len > MaxDecompressedSize)
                 return invalidCompressedData();
-            } else {
-                // grow the block
-                d->reallocate(d->allocatedCapacity()*2, QArrayData::Grow);
-                if (d.data() == nullptr) // reallocation failed
-                    return invalidCompressedData();
-            }
+
+            d->reallocate(d->allocatedCapacity() * 2, QArrayData::Grow);
+            if (d.data() == nullptr) // reallocation failed
+                return invalidCompressedData();
+
             continue;
 
         case Z_DATA_ERROR: