qt5-qtbase/qtbase5.15-CVE-2023-51714.patch

From 061cbe5796a9ff1e998bd5753bb5b44e4481df11 Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Wed, 31 Jan 2024 13:38:10 +0800
Subject: [PATCH] qtbase5.15-CVE-2023-51714

---
 src/network/access/http2/hpacktable.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
index fddb5fec..315f3e23 100644
--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
@@ -40,6 +40,7 @@
 #include "hpacktable_p.h"
 
 #include <QtCore/qdebug.h>
+#include <QtCore/private/qnumeric_p.h>
 
 #include <algorithm>
 #include <cstddef>
@@ -62,8 +63,10 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value)
     // for counting the number of references to the name and value would have
     // 32 octets of overhead."
 
-    const unsigned sum = unsigned(name.size() + value.size());
-    if (std::numeric_limits<unsigned>::max() - 32 < sum)
+    size_t sum;
+    if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
+        return HeaderSize();
+    if (sum > (std::numeric_limits<unsigned>::max() - 32))
         return HeaderSize();
     return HeaderSize(true, quint32(sum + 32));
 }
-- 
2.41.0
qtbase5.15-CVE-2023-51714 2024-01-31 13:40:16 +08:00			`From 061cbe5796a9ff1e998bd5753bb5b44e4481df11 Mon Sep 17 00:00:00 2001`
			`From: peijiankang <peijiankang@kylinos.cn>`
			`Date: Wed, 31 Jan 2024 13:38:10 +0800`
			`Subject: [PATCH] qtbase5.15-CVE-2023-51714`

			`---`
			`src/network/access/http2/hpacktable.cpp \| 7 +++++--`
			`1 file changed, 5 insertions(+), 2 deletions(-)`

			`diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp`
			`index fddb5fec..315f3e23 100644`
			`--- a/src/network/access/http2/hpacktable.cpp`
			`+++ b/src/network/access/http2/hpacktable.cpp`
			`@@ -40,6 +40,7 @@`
			`#include "hpacktable_p.h"`

			`#include <QtCore/qdebug.h>`
			`+#include <QtCore/private/qnumeric_p.h>`

			`#include <algorithm>`
			`#include <cstddef>`
			`@@ -62,8 +63,10 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value)`
			`// for counting the number of references to the name and value would have`
			`// 32 octets of overhead."`

			`- const unsigned sum = unsigned(name.size() + value.size());`
			`- if (std::numeric_limits<unsigned>::max() - 32 < sum)`
			`+ size_t sum;`
			`+ if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))`
			`+ return HeaderSize();`
			`+ if (sum > (std::numeric_limits<unsigned>::max() - 32))`
			`return HeaderSize();`
			`return HeaderSize(true, quint32(sum + 32));`
			`}`
			`--`
			`2.41.0`