From a08ac1986d39b4d4614f654b3408c7b846c835c9 Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Thu, 8 Aug 2019 19:12:32 -0700 Subject: Fix integer overflow in QCryptographicHash's SHA-3 support Because 256 MB * 8 = 2 Gbit, but length*8 is a signed integer overflow, hence UB. Can't really autotest this. Not all systems where we're going to test can allocate 256 MB of RAM. [ChangeLog][QtCore][QCryptographicHash] Fixed a bug that caused the SHA-3 and Keccak algorithms to crash if passed 256 MB of data or more. Fixes: QTBUG-77362 Change-Id: Iec9c051acd73484c8d94fffd15b91f4b1450f5d7 Reviewed-by: Marc Mutz
---
 src/corelib/tools/qcryptographichash.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/corelib/tools/qcryptographichash.cpp')
diff --git a/src/corelib/tools/qcryptographichash.cpp b/src/corelib/tools/qcryptographichash.cpp
index 3c79bb797d..51f48503fb 100644
--- a/src/corelib/tools/qcryptographichash.cpp
+++ b/src/corelib/tools/qcryptographichash.cpp
@@ -387,19 +387,19 @@ void QCryptographicHash::addData(const char *data, int length)
 break;
 case RealSha3_224:
 case Keccak_224:
- sha3Update(&d->sha3Context, reinterpret_cast(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast(data), quint64(length) * 8);
 break;
 case RealSha3_256:
 case Keccak_256:
- sha3Update(&d->sha3Context, reinterpret_cast(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast(data), quint64(length) * 8);
 break;
 case RealSha3_384:
 case Keccak_384:
- sha3Update(&d->sha3Context, reinterpret_cast(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast(data), quint64(length) * 8);
 break;
 case RealSha3_512:
 case Keccak_512:
- sha3Update(&d->sha3Context, reinterpret_cast(data), length*8);
+ sha3Update(&d->sha3Context, reinterpret_cast(data), quint64(length) * 8);
 break;
 #endif
 }
-- cgit v1.2.3
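Review bot: A negative `length` is still not handled in the four SHA-3/Keccak cases: `quint64(length)` sign-extends it, so `sha3Update` receives an enormous bit count and would presumably read far past `data`. addData begins above this hunk, so a check may already exist there; if it does not, reject the value before the switch with `if (length < 0) return;` (or `Q_ASSERT(length >= 0);` if every caller is trusted). Since all four case groups now carry the same statement, they could fall through to a single call with a comment such as `// widen first: length * 8 overflows int from 256 MB upward`, so the cast cannot be dropped from one branch in a later edit.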