qUncompress: statically assert that arithmetic overflow cannot occur
... because the limit we check against, doubled, is still within the range of size_t. Took me a while to prove this to myself, so document the finding in a static assertion. Change-Id: Ib2d1bb825c1693ccc4ffa1d8fc0bd455a170337f Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> (cherry picked from commit c97bcaaa1aa95570bd4911294bc8a0cb557b168d) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
parent
9adc7c3a42
commit
cab293de79
@ -609,7 +609,7 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
|
|||||||
size_t expectedSize = size_t((data[0] << 24) | (data[1] << 16) |
|
size_t expectedSize = size_t((data[0] << 24) | (data[1] << 16) |
|
||||||
(data[2] << 8) | (data[3] ));
|
(data[2] << 8) | (data[3] ));
|
||||||
size_t len = qMax(expectedSize, 1ul);
|
size_t len = qMax(expectedSize, 1ul);
|
||||||
const size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data);
|
constexpr size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data);
|
||||||
if (Q_UNLIKELY(len >= maxPossibleSize)) {
|
if (Q_UNLIKELY(len >= maxPossibleSize)) {
|
||||||
// QByteArray does not support that huge size anyway.
|
// QByteArray does not support that huge size anyway.
|
||||||
return invalidCompressedData();
|
return invalidCompressedData();
|
||||||
@ -638,6 +638,8 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes)
|
|||||||
return QByteArray();
|
return QByteArray();
|
||||||
|
|
||||||
case Z_BUF_ERROR:
|
case Z_BUF_ERROR:
|
||||||
|
static_assert(maxPossibleSize <= (std::numeric_limits<decltype(len)>::max)() / 2,
|
||||||
|
"oops, next line may overflow");
|
||||||
len *= 2;
|
len *= 2;
|
||||||
if (Q_UNLIKELY(len >= maxPossibleSize)) {
|
if (Q_UNLIKELY(len >= maxPossibleSize)) {
|
||||||
// QByteArray does not support that huge size anyway.
|
// QByteArray does not support that huge size anyway.
|
||||||
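Review bot: The static_assert added at the top of the Z_BUF_ERROR case proves only half of the no-overflow argument; the other half, that `len < maxPossibleSize` holds whenever `len *= 2` runs because the same `len >= maxPossibleSize` guard is evaluated before the loop and again after every doubling, is stated nowhere in the code, so a later edit that moves or drops that guard could silently reintroduce the size_t wrap-around this assertion exists to exclude before the buffer is grown. A one-line comment above the assertion would pin the invariant, e.g. `// len < maxPossibleSize here (checked before the loop and after each doubling), so 2*len cannot wrap.` The message `"oops, next line may overflow"` says nothing about what was violated when it fires; `"maxPossibleSize must fit in half of size_t so that doubling len cannot overflow"` names the actual constraint. The assertion also relies on `<limits>` being in scope, which this hunk does not show; if qbytearray.cpp does not already include it, it should. qUncompress begins and ends outside this hunk.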
|