From f500429ace52dac4562407045d85d3886d13a718 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= Date: Wed, 7 Feb 2024 18:56:22 +0100 Subject: [PATCH] QHttp2ProtocolHandler: prevent truncation in arithmetic operations On 64-bit systems, both the requests.size() and the activeStreams.size() were truncated to uint32_t values from int64_t ones. While extremely unlikely that either will contain more than 4Gi elements, avoid the truncation by verifying that the `max` amount of streams is larger than the activeStreams, and then using size_t for the range. Change-Id: I50644cb634bab0f020acf9aea1d03744b11dbe51 Reviewed-by: Edward Welbourne Reviewed-by: Timur Pocheptsov Reviewed-by: Juha Vuolle (cherry picked from commit 22c99cf498103c86baa5a415ca34630396e5b6aa) Reviewed-by: Qt Cherry-pick Bot --- src/network/access/qhttp2protocolhandler.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp index e887b460042..8f83b98b3e0 100644 --- a/src/network/access/qhttp2protocolhandler.cpp +++ b/src/network/access/qhttp2protocolhandler.cpp @@ -325,11 +325,11 @@ bool QHttp2ProtocolHandler::sendRequest() initReplyFromPushPromise(message, key); } - const auto streamsToUse = std::min(maxConcurrentStreams > quint32(activeStreams.size()) - ? maxConcurrentStreams - quint32(activeStreams.size()) : 0, - requests.size()); + Q_ASSERT(qint64(maxConcurrentStreams) >= activeStreams.size()); + const size_t streamsToUse = std::min(maxConcurrentStreams - size_t(activeStreams.size()), + size_t(requests.size())); auto it = requests.begin(); - for (quint32 i = 0; i < streamsToUse; ++i) { + for (size_t i = 0; i < streamsToUse; ++i) { const qint32 newStreamID = createNewStream(*it); if (!newStreamID) { // TODO: actually we have to open a new connection.