From 783d574b932288b61f915b28d5b7b9c5a979f58e Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Fri, 6 Mar 2020 13:38:17 -0800
Subject: CBOR support: prevent overflowing QByteArray's max allocation

QByteArray doesn't like it.

Apply the same protection to QString, which we know uses the same
backend but uses elements twice as big. That means it can contain
slightly more than half as many elements, but exact half will suffice
for our needs.

Change-Id: Iaa63461109844e978376fffd15f9d4c7a9137856
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
---
 src/corelib/text/qbytearray_p.h | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'src/corelib/text/qbytearray_p.h')

diff --git a/src/corelib/text/qbytearray_p.h b/src/corelib/text/qbytearray_p.h
index 3c6257f786..ffec6dca22 100644
--- a/src/corelib/text/qbytearray_p.h
+++ b/src/corelib/text/qbytearray_p.h
@@ -56,10 +56,9 @@
 
 QT_BEGIN_NAMESPACE
 
-enum {
-    // Define as enum to force inlining. Don't expose MaxAllocSize in a public header.
-    MaxByteArraySize = MaxAllocSize - sizeof(std::remove_pointer<QByteArray::DataPtr>::type)
-};
+// -1 because of the terminating NUL
+constexpr qsizetype MaxByteArraySize = MaxAllocSize - sizeof(std::remove_pointer<QByteArray::DataPtr>::type) - 1;
+constexpr qsizetype MaxStringSize = (MaxAllocSize - sizeof(std::remove_pointer<QByteArray::DataPtr>::type)) / 2 - 1;
 
 QT_END_NAMESPACE
 
-- 
cgit v1.2.3