From 3a32e51c6eb4606d73f47923da3eaa80f12d0f56 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Tue, 6 Sep 2022 21:36:48 +0200
Subject: [PATCH] qUncompress: limit MaxDecompressedSize to what zlib can
 handle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... which may be less than what QByteArray can handle, e.g. on Windows,
where long, used in the zlib API as the size type, is just 32-bit.

Re-define MaxDecompressedSize as the minimum of the maximum sizes
supported by each of QByteArray and zlib, so we respect each library's
individual limit.

Task-number: QTBUG-104972
Change-Id: If1894ae7a1888f651a82b153d463658c272287e3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit f3512ada092111a787d5d067551451fc91b8491d)
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
 src/corelib/text/qbytearray.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/corelib/text/qbytearray.cpp b/src/corelib/text/qbytearray.cpp
index c3342616589..10c8def113a 100644
--- a/src/corelib/text/qbytearray.cpp
+++ b/src/corelib/text/qbytearray.cpp
@@ -632,7 +632,8 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
     size_t expectedSize = size_t((data[0] << 24) | (data[1] << 16) |
                                  (data[2] <<  8) | (data[3]      ));
     size_t len = qMax(expectedSize, 1ul);
-    constexpr size_t MaxDecompressedSize = size_t(MaxByteArraySize);
+    constexpr size_t MaxZLibSize = (std::numeric_limits<uLong>::max)();
+    constexpr size_t MaxDecompressedSize = (std::min)(size_t(MaxByteArraySize), MaxZLibSize);
     if (len > MaxDecompressedSize)
         return invalidCompressedData();