Fix 32bit int overflow

Do not continue if the conversion to 32bit int would cause an overflow. Change-Id: I8a198dce5962e7ebd248b9baa92aba8730bfd3b0 Reviewed-by: Edward Welbourne <[email protected]>
doytsujin · Apr 27, 2020 · a1f9729 · a1f9729
1 parent 41387bb
commit a1f9729
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp
@@ -45,6 +45,7 @@
 #include <QtCore/qvector.h>
 #include <QDebug>
 
+#include <limits>
 #include <locale>
 
 QT_BEGIN_NAMESPACE
@@ -120,7 +121,7 @@ bool QAsn1Element::read(QDataStream &stream)
         return false;
 
     // length
-    qint64 length = 0;
+    quint64 length = 0;
     quint8 first;
     stream >> first;
     if (first & 0x80) {
@@ -139,11 +140,13 @@ bool QAsn1Element::read(QDataStream &stream)
         length = (first & 0x7f);
     }
 
+    if (length > quint64(std::numeric_limits<int>::max()))
+        return false;
     // value
     QByteArray tmpValue;
     tmpValue.resize(length);
     int count = stream.readRawData(tmpValue.data(), tmpValue.size());
-    if (count != length)
+    if (count != int(length))
         return false;
 
     mType = tmpType;