QAsn1Element: Avoid overflow in QAsn1Element::toInteger

Fixes oss-fuzz issue 29534. Pick-to: 5.15 6.0 6.1 Change-Id: I51d0b8238c73e5860c40d3b74577ddb8926647a3 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2021-02-01 17:57:40 +01:00 · 2021-02-01 17:57:40 +01:00 · 11a3eab1e1
commit 11a3eab1e1
parent eb3395328a
1 changed files with 3 additions and 2 deletions
--- a/src/network/ssl/qasn1element.cpp
+++ b/src/network/ssl/qasn1element.cpp
@ -327,8 +327,9 @@ qint64 QAsn1Element::toInteger(bool *ok) const
        return 0;
    }

-    // NOTE: negative numbers are not handled
-    if (mValue.at(0) & 0x80) {
+    // NOTE: - negative numbers are not handled
+    //       - greater sizes would overflow
+    if (mValue.at(0) & 0x80 || mValue.size() > 8) {
        if (ok)
            *ok = false;
        return 0;