QHttp2ProtocolHandler: prevent truncation in arithmetic operations

On 64-bit systems, both the requests.size() and the
activeStreams.size() were truncated to uint32_t values from int64_t
ones. While extremely unlikely that either will contain more than 4Gi
elements, avoid the truncation by verifying that the `max` amount of
streams is larger than the activeStreams, and then using size_t for
the range.

Pick-to: 6.7
Change-Id: I50644cb634bab0f020acf9aea1d03744b11dbe51
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>

1 files changed, 4 insertions, 4 deletions

diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
index d25be851bf..6388044094 100644
--- a/src/network/access/qhttp2protocolhandler.cpp
+++ b/src/network/access/qhttp2protocolhandler.cpp
@@ -326,11 +326,11 @@ bool QHttp2ProtocolHandler::sendRequest()
         initReplyFromPushPromise(message, key);
     }
 
-    const auto streamsToUse = std::min<quint32>(maxConcurrentStreams > quint32(activeStreams.size())
-                                                ? maxConcurrentStreams - quint32(activeStreams.size()) : 0,
-                                                requests.size());
+    Q_ASSERT(qint64(maxConcurrentStreams) >= activeStreams.size());
+    const size_t streamsToUse = std::min(maxConcurrentStreams - size_t(activeStreams.size()),
+                                         size_t(requests.size()));
     auto it = requests.begin();
-    for (quint32 i = 0; i < streamsToUse; ++i) {
+    for (size_t i = 0; i < streamsToUse; ++i) {
         const qint32 newStreamID = createNewStream(*it);
         if (!newStreamID) {
             // TODO: actually we have to open a new connection.