From a1f9729b740e410f818864588d4829275c4d5f52 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Tue, 7 Apr 2020 15:48:46 +0200 Subject: [PATCH] Fix 32bit int overflow Do not continue if the conversion to 32bit int would cause an overflow. Change-Id: I8a198dce5962e7ebd248b9baa92aba8730bfd3b0 Reviewed-by: Edward Welbourne --- src/network/ssl/qasn1element.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index 6558643386..5634332a67 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -45,6 +45,7 @@ #include #include +#include #include QT_BEGIN_NAMESPACE @@ -120,7 +121,7 @@ bool QAsn1Element::read(QDataStream &stream) return false; // length - qint64 length = 0; + quint64 length = 0; quint8 first; stream >> first; if (first & 0x80) { @@ -139,11 +140,13 @@ bool QAsn1Element::read(QDataStream &stream) length = (first & 0x7f); } + if (length > quint64(std::numeric_limits::max())) + return false; // value QByteArray tmpValue; tmpValue.resize(length); int count = stream.readRawData(tmpValue.data(), tmpValue.size()); - if (count != length) + if (count != int(length)) return false; mType = tmpType;