qUncompress: statically assert that arithmetic overflow cannot occur

... because the limit we check against, doubled, is still within the
range of size_t.

Took me a while to prove this to myself, so document the finding in a
static assertion.

Change-Id: Ib2d1bb825c1693ccc4ffa1d8fc0bd455a170337f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit c97bcaaa1aa95570bd4911294bc8a0cb557b168d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Marc Mutz 2022-09-06 16:53:23 +02:00 committed by Qt Cherry-pick Bot
parent 9adc7c3a42
commit cab293de79


@ -609,7 +609,7 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
size_t expectedSize = size_t((data[0] << 24) | (data[1] << 16) |
(data[2] << 8) | (data[3] ));
size_t len = qMax(expectedSize, 1ul);
const size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data);
constexpr size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data);
if (Q_UNLIKELY(len >= maxPossibleSize)) {
// QByteArray does not support that huge size anyway.
return invalidCompressedData();
@ -638,6 +638,8 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
return QByteArray();
case Z_BUF_ERROR:
static_assert(maxPossibleSize <= (std::numeric_limits<decltype(len)>::max)() / 2,
"oops, next line may overflow");
len *= 2;
if (Q_UNLIKELY(len >= maxPossibleSize)) {
// QByteArray does not support that huge size anyway.