author | Thiago Macieira <thiago.macieira@intel.com> | 2019-08-08 19:12:32 -0700 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2019-08-10 17:09:18 -0700 |
commit | a08ac1986d39b4d4614f654b3408c7b846c835c9 (patch) | |
tree | 32a9a051af5c215bab92c4006fde05452dfd23aa | |
parent | aca43d29f8a1c90d14069ac602cf0ba7beaba300 (diff) |
Fix integer overflow in QCryptographicHash's SHA-3 support
Because 256 MB * 8 = 2 Gbit, but length*8 is a signed integer overflow,
hence UB.
Can't really autotest this. Not all systems where we're going to test
can allocate 256 MB of RAM.
[ChangeLog][QtCore][QCryptographicHash] Fixed a bug that caused the
SHA-3 and Keccak algorithms to crash if passed 256 MB of data or more.
Fixes: QTBUG-77362
Change-Id: Iec9c051acd73484c8d94fffd15b91f4b1450f5d7
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
-rw-r--r-- | src/corelib/tools/qcryptographichash.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/corelib/tools/qcryptographichash.cpp b/src/corelib/tools/qcryptographichash.cpp
index 3c79bb797d..51f48503fb 100644
--- a/src/corelib/tools/qcryptographichash.cpp
+++ b/src/corelib/tools/qcryptographichash.cpp
@@ -387,19 +387,19 @@ void QCryptographicHash::addData(const char *data, int length)
 break;
 case RealSha3_224:
 case Keccak_224:
- sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
 break;
 case RealSha3_256:
 case Keccak_256:
- sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
 break;
 case RealSha3_384:
 case Keccak_384:
- sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
 break;
 case RealSha3_512:
 case Keccak_512:
- sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast<const BitSequence *>(data), quint64(length) * 8);
 break;
 #endif
 } |
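Review bot: The new `quint64(length) * 8` in the four SHA-3/Keccak cases sign-extends a negative `length`, so a negative int from a caller becomes a bit count close to 2^64 and sha3Update would be asked to read far beyond `data`. No guard is visible in this hunk; addData's body starts above it, so a check may already exist there, but if it does not, a precondition such as `Q_ASSERT(length >= 0);` at the top of the function (or an early return) would make the contract explicit. The fix also relies on sha3Update's length parameter being at least 64 bits wide, which is not shown here and is worth confirming. Since the four case bodies are identical, letting the eight labels fall through to a single `sha3Update(...)` call would keep the widening in one place and carry one short comment, e.g. `// widen before multiplying: length * 8 overflows int from 256 MB`.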