author | Thiago Macieira <thiago.macieira@intel.com> | 2020-04-15 18:52:49 -0300 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2020-04-22 18:04:30 -0300 |
commit | fdea55cb9832a194b5ec1262e216f12ae644ba6b (patch) | |
tree | 3c13a8074a086c2d66bf16597371b01e784ff7e9 /src | |
parent | 94b02f6cb20fcb597416a46f7e2defced39fb774 (diff) |
QCborValue: fix double-accounting of the usedData when decoding strings
We can only update usedData at the end, after we've decoded all chunks.
The update inside the lambda was double-accounting for the first chunk,
which could lead to signed integer overflows in usedData.
Not unit-testable since the usedData value is not visible in the API.
Change-Id: Ibdc95e9af7bd456a94ecfffd16061cc955208859
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/corelib/serialization/qcborvalue.cpp | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/src/corelib/serialization/qcborvalue.cpp b/src/corelib/serialization/qcborvalue.cpp index c45a09ad99..90b45fb853 100644 --- a/src/corelib/serialization/qcborvalue.cpp +++ b/src/corelib/serialization/qcborvalue.cpp @@ -1561,8 +1561,6 @@ void QCborContainerPrivate::decodeStringFromCbor(QCborStreamReader &reader) if (newSize > MaxByteArraySize) return -1; - // since usedData <= data.size(), this can't overflow - usedData += increment; data.resize(newSize); return offset; }; |
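Review bot: in the lambda in decodeStringFromCbor, dropping `usedData += increment;` together with its comment leaves nothing at this spot to say where usedData is accounted for, and the hunk does not show the end-of-function update the commit message relies on. Please leave a one-line comment before `data.resize(newSize);` stating that usedData is deliberately updated once, after all chunks are decoded, so the per-chunk increment is not reintroduced later. The remaining `newSize > MaxByteArraySize` check bounds data but not usedData. Since the commit message notes the change is not unit-testable, a debug assertion of the invariant the removed comment relied on (usedData <= data.size()) at the final update would give some regression coverage.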