30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
|
From c1d9a2e1eb0bf78cc33b558a2f78ca49fcb3cb1d Mon Sep 17 00:00:00 2001
|
||
|
|
From: peijiankang <peijiankang@kylinos.cn>
|
||
|
|
Date: Wed, 31 Jan 2024 11:31:35 +0800
|
||
|
|
Subject: [PATCH] qtbase-6.5.2-CVE-2023-51714
|
||
|
|
|
||
|
|
---
|
||
|
|
src/network/access/http2/hpacktable.cpp | 6 ++++--
|
||
|
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
|
||
|
|
index 74a09a20..2c728b37 100644
|
||
|
|
--- a/src/network/access/http2/hpacktable.cpp
|
||
|
|
+++ b/src/network/access/http2/hpacktable.cpp
|
||
|
|
@@ -26,8 +26,10 @@ HeaderSize entry_size(QByteArrayView name, QByteArrayView value)
|
||
|
|
// for counting the number of references to the name and value would have
|
||
|
|
// 32 octets of overhead."
|
||
|
|
|
||
|
|
- const unsigned sum = unsigned(name.size() + value.size());
|
||
|
|
- if (std::numeric_limits<unsigned>::max() - 32 < sum)
|
||
|
|
+ size_t sum;
|
||
|
|
+ if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
|
||
|
|
+ return HeaderSize();
|
||
|
|
+ if (sum > (std::numeric_limits<unsigned>::max() - 32))
|
||
|
|
return HeaderSize();
|
||
|
|
return HeaderSize(true, quint32(sum + 32));
|
||
|
|
}
|
||
|
|
--
|
||
|
|
2.41.0
|
||
|
|
|