diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-04-07 15:48:46 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-04-27 15:25:32 +0200 |
commit | a1f9729b740e410f818864588d4829275c4d5f52 (patch) | |
tree | b32160d8d3d82b6a2ba5d0aedbeab452272bde29 /src | |
parent | 41387bb330bb694f7e423f180bdbf88c7200985b (diff) |
Fix 32bit int overflow
Do not continue if the conversion to 32bit int would cause an overflow.
Change-Id: I8a198dce5962e7ebd248b9baa92aba8730bfd3b0
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qasn1element.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index 6558643386..5634332a67 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -45,6 +45,7 @@ #include <QtCore/qvector.h> #include <QDebug> +#include <limits> #include <locale> QT_BEGIN_NAMESPACE @@ -120,7 +121,7 @@ bool QAsn1Element::read(QDataStream &stream) return false; // length - qint64 length = 0; + quint64 length = 0; quint8 first; stream >> first; if (first & 0x80) { @@ -139,11 +140,13 @@ bool QAsn1Element::read(QDataStream &stream) length = (first & 0x7f); } + if (length > quint64(std::numeric_limits<int>::max())) + return false; // value QByteArray tmpValue; tmpValue.resize(length); int count = stream.readRawData(tmpValue.data(), tmpValue.size()); - if (count != length) + if (count != int(length)) return false; mType = tmpType; |