diff options
| author | Marc Mutz <marc.mutz@qt.io> | 2022-09-07 16:47:49 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@qt.io> | 2022-09-08 23:57:26 +0200 |
| commit | b84f4be6b78feec617b8d97b00a8231c15d83f67 (patch) | |
| tree | 9a6f1ff2110f1be4757180579236862d6fd8ac77 /src | |
| parent | 95e315a66e4cc6bcafc442b6e5d5377b82ba8295 (diff) | |
qUncompress: use existing MaxByteArraySize
... instead of rolling your own.
Since MaxByteArraySize already adjusts for the trailing NUL byte in
QByteArray, the odd 'len >= max' now become a more natural 'len >
max'.
Rename the limit variable to MaxDecompressedSize, which is more
specific, and remove comments that now look out of place.
As a drive-by, re-arrange an else branch that, had it stayed, would
have required an adjusted if branch to require braces around a
single-line statement.
Pick-to: 6.4 6.3 6.2
Task-number: QTBUG-104972
Change-Id: I6805dab8391b7e51db30d99b1b8968434062d12d
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/corelib/text/qbytearray.cpp | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/src/corelib/text/qbytearray.cpp b/src/corelib/text/qbytearray.cpp index 202c725e64..8d552b7fd0 100644 --- a/src/corelib/text/qbytearray.cpp +++ b/src/corelib/text/qbytearray.cpp @@ -632,11 +632,9 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes) size_t expectedSize = size_t((data[0] << 24) | (data[1] << 16) | (data[2] << 8) | (data[3] )); size_t len = qMax(expectedSize, 1ul); - constexpr size_t maxPossibleSize = MaxAllocSize - sizeof(QByteArray::Data); - if (len >= maxPossibleSize) { - // QByteArray does not support that huge size anyway. + constexpr size_t MaxDecompressedSize = size_t(MaxByteArraySize); + if (len > MaxDecompressedSize) return invalidCompressedData(); - } QByteArray::DataPointer d(QByteArray::Data::allocate(len)); if (d.data() == nullptr) // allocation failed @@ -661,18 +659,16 @@ QByteArray qUncompress(const uchar* data, qsizetype nbytes) return QByteArray(); case Z_BUF_ERROR: - static_assert(maxPossibleSize <= (std::numeric_limits<decltype(len)>::max)() / 2, + static_assert(MaxDecompressedSize <= (std::numeric_limits<decltype(len)>::max)() / 2, "oops, next line may overflow"); len *= 2; - if (len >= maxPossibleSize) { - // QByteArray does not support that huge size anyway. + if (len > MaxDecompressedSize) return invalidCompressedData(); - } else { - // grow the block - d->reallocate(d->allocatedCapacity()*2, QArrayData::Grow); - if (d.data() == nullptr) // reallocation failed - return invalidCompressedData(); - } + + d->reallocate(d->allocatedCapacity() * 2, QArrayData::Grow); + if (d.data() == nullptr) // reallocation failed + return invalidCompressedData(); + continue; case Z_DATA_ERROR: |