Diffstat (limited to 'src/qml/jsruntime/qv4compilationunitmapper_unix.cpp')
-rw-r--r--src/qml/jsruntime/qv4compilationunitmapper_unix.cpp23
1 files changed, 17 insertions, 6 deletions
diff --git a/src/qml/jsruntime/qv4compilationunitmapper_unix.cpp b/src/qml/jsruntime/qv4compilationunitmapper_unix.cpp
index d7364f8706..204e222121 100644
--- a/src/qml/jsruntime/qv4compilationunitmapper_unix.cpp
+++ b/src/qml/jsruntime/qv4compilationunitmapper_unix.cpp
@@ -3,13 +3,14 @@
#include "qv4compilationunitmapper_p.h"
-#include <sys/mman.h>
-#include <functional>
#include <private/qcore_unix_p.h>
-#include <QScopeGuard>
-#include <QDateTime>
+#include <private/qv4compileddata_p.h>
-#include "qv4executablecompilationunit_p.h"
+#include <QtCore/qscopeguard.h>
+#include <QtCore/qdatetime.h>
+
+#include <functional>
+#include <sys/mman.h>
QT_BEGIN_NAMESPACE
@@ -37,12 +38,22 @@ CompiledData::Unit *CompilationUnitMapper::open(const QString &cacheFileName, co
return nullptr;
}
- if (!ExecutableCompilationUnit::verifyHeader(&header, sourceTimeStamp, errorString))
+ if (!header.verifyHeader(sourceTimeStamp, errorString))
return nullptr;
// Data structure and qt version matched, so now we can access the rest of the file safely.
length = static_cast<size_t>(lseek(fd, 0, SEEK_END));
+ /* Error out early on file corruption. We assume we can read header.unitSize bytes
+ later (even before verifying the checksum), potentially causing out-of-bound
+ reads
+ Also, no need to wait until checksum verification if we know beforehand
+ that the cached unit is bogus
+ */
+ if (length != header.unitSize) {
+ *errorString = QStringLiteral("Potential file corruption, file too small");
+ return nullptr;
+ }
void *ptr = mmap(nullptr, length, PROT_READ, MAP_SHARED, fd, /*offset*/0);
if (ptr == MAP_FAILED) {
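Review bot: The added guard `if (length != header.unitSize)` rejects every size mismatch, but the error string reports only "file too small", so a cache file that is larger than the recorded unit size (trailing data, partial overwrite) is logged with the wrong cause; a message such as `QStringLiteral("Potential file corruption, file size does not match unit size")` would match the condition. The `lseek` result on the context line above is cast to `size_t` without a check for -1, so a failed seek also ends up in this branch with the same misleading message; testing the `off_t` for a negative value before the cast would keep the two failures apart. The comparison reflects the file size at the time of the `lseek` only, and because the mapping is `MAP_SHARED`, a later truncation by another process could presumably still fault on access, which the new comment could state so the check is not read as a complete bounds guarantee. The body of `CompilationUnitMapper::open` starts and ends outside this hunk.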