qUncompress: statically assert that arithmetic overflow cannot occur
... because the limit we check against, doubled, is still within the range of size_t. Took me a while to prove this to myself, so document the finding in a static assertion. Change-Id: Ib2d1bb825c1693ccc4ffa1d8fc0bd455a170337f Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> (cherry picked from commit c97bcaaa1aa95570bd4911294bc8a0cb557b168d) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
parent
9adc7c3a42
commit
cab293de79
@ -609,7 +609,7 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
|
||||
size_t expectedSize = size_t((data[0] << 24) | (data[1] << 16) |
|
||||
(data[2] << 8) | (data[3] ));
|
||||
size_t len = qMax(expectedSize, 1ul);
|
||||
const size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data);
|
||||
constexpr size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data);
|
||||
if (Q_UNLIKELY(len >= maxPossibleSize)) {
|
||||
// QByteArray does not support that huge size anyway.
|
||||
return invalidCompressedData();
|
||||
@ -638,6 +638,8 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
|
||||
return QByteArray();
|
||||
|
||||
case Z_BUF_ERROR:
|
||||
static_assert(maxPossibleSize <= (std::numeric_limits<decltype(len)>::max)() / 2,
|
||||
"oops, next line may overflow");
|
||||
len *= 2;
|
||||
if (Q_UNLIKELY(len >= maxPossibleSize)) {
|
||||
// QByteArray does not support that huge size anyway.
|
||||
|
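Review bot: The static_assert in the Z_BUF_ERROR case proves only that doubling a value below maxPossibleSize still fits in size_t; that `len *= 2` cannot wrap also depends on `len < maxPossibleSize` holding on entry to the case, which the assertion does not state. From the visible lines that bound comes from the `len >= maxPossibleSize` rejection in the first hunk and the same check right after the doubling, and because len starts from the four-byte size header of the input it is worth writing down. I would add a comment above the multiplication such as `// len < maxPossibleSize here (checked above and after every doubling), so len * 2 fits in size_t`, and reword the assertion message to say the same rather than "oops, next line may overflow". The body of qUncompress between the two hunks is not shown, so this assumes nothing there changes len without re-checking it.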