Fix 32bit int overflow

Do not continue if the conversion to 32bit int would cause an overflow. Change-Id: I8a198dce5962e7ebd248b9baa92aba8730bfd3b0 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2020-04-07 15:48:46 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2020-04-27 15:25:32 +0200
commit: a1f9729b740e410f818864588d4829275c4d5f52 (patch)
tree: b32160d8d3d82b6a2ba5d0aedbeab452272bde29
parent: 41387bb330bb694f7e423f180bdbf88c7200985b (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp
index 6558643386..5634332a67 100644
--- a/src/network/ssl/qasn1element.cpp
+++ b/src/network/ssl/qasn1element.cpp
@@ -45,6 +45,7 @@
 #include <QtCore/qvector.h>
 #include <QDebug>
 
+#include <limits>
 #include <locale>
 
 QT_BEGIN_NAMESPACE
@@ -120,7 +121,7 @@ bool QAsn1Element::read(QDataStream &stream)
         return false;
 
     // length
-    qint64 length = 0;
+    quint64 length = 0;
     quint8 first;
     stream >> first;
     if (first & 0x80) {
@@ -139,11 +140,13 @@ bool QAsn1Element::read(QDataStream &stream)
         length = (first & 0x7f);
     }
 
+    if (length > quint64(std::numeric_limits<int>::max()))
+        return false;
     // value
     QByteArray tmpValue;
     tmpValue.resize(length);
     int count = stream.readRawData(tmpValue.data(), tmpValue.size());
-    if (count != length)
+    if (count != int(length))
         return false;
 
     mType = tmpType;
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2020-04-07 15:48:46 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2020-04-27 15:25:32 +0200
commit	a1f9729b740e410f818864588d4829275c4d5f52 (patch)
tree	b32160d8d3d82b6a2ba5d0aedbeab452272bde29
parent	41387bb330bb694f7e423f180bdbf88c7200985b (diff)