From f76ee96e583f73e28de409784d4d9ec0744f1553 Mon Sep 17 00:00:00 2001
From: Vladimir Belyavsky <belyavskyv@gmail.com>
Date: Wed, 6 Sep 2023 12:49:45 +0300
Subject: [PATCH] QNetworkReply: fix potential nullptr access in
 loadFromCacheIfAllowed()

Fix a potential nullptr access in
QNetworkReplyHttpImplPrivate::loadFromCacheIfAllowed() on accessing to
QAbstractNetworkCache::data(). It is not yet clear in what cases
cached data can be null, especially if metaData is present,
but we have user reports of such crashes.

Amends a6776de0c70d23ac197682c7bef603450cb8b03f

Fixes: QTBUG-116788
Change-Id: I548065c6f809d9d45db6dd785c28acbdc77621e2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 74fb2519e32760dbe9f10a9ffd2b460d827062a5)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/network/access/qnetworkreplyhttpimpl.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp
index a847ff16a8d..a21fa23fb0f 100644
--- a/src/network/access/qnetworkreplyhttpimpl.cpp
+++ b/src/network/access/qnetworkreplyhttpimpl.cpp
@@ -505,7 +505,8 @@ bool QNetworkReplyHttpImplPrivate::loadFromCacheIfAllowed(QHttpNetworkRequest &h
 
     it = cacheHeaders.findRawHeader("content-length");
     if (it != cacheHeaders.rawHeaders.constEnd()) {
-        if (nc->data(httpRequest.url())->size() < it->second.toLongLong())
+        QIODevice *data = nc->data(httpRequest.url());
+        if (!data || data->size() < it->second.toLongLong())
             return false; // The data is smaller than the content-length specified
     }