HPack: fix incorrect integer overflow check
This code never worked:

For the comparison with max() - 32 to trigger, on 32-bit platforms (or
Qt 5) signed integer overflow would have had to happen in the
addition of the two sizes. The compiler can therefore remove the
overflow check as dead code.

On Qt 6 and 64-bit platforms, the signed integer addition would be
very unlikely to overflow, but the following truncation to uint32
would yield the correct result only in a narrow 32-value window just
below UINT_MAX, if even that.

Fix by using the proper tool, qAddOverflow.

Pick-to: 6.2 5.15
Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
(cherry picked from commit ee5da1f)
Reviewed-by: Qt Cherry-pick Bot <[email protected]>
(cherry picked from commit debeb88)
Reviewed-by: Thiago Macieira <[email protected]>
Reviewed-by: Marc Mutz <[email protected]>
(cherry picked from commit 811b9ee)
marcmutz authored and huangw02 committed Feb 7, 2024
1 parent 2d648a8 commit 76a65aa
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/network/access/http2/hpacktable.cpp
Expand Up @@ -26,7 +26,9 @@ HeaderSize entry_size(QByteArrayView name, QByteArrayView value)
// for counting the number of references to the name and value would have
// 32 octets of overhead."

const unsigned sum = unsigned(name.size() + value.size());
size_t sum;
if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
return HeaderSize();
if (sum > (std::numeric_limits<unsigned>::max() - 32))
return HeaderSize();
return HeaderSize(true, quint32(sum + 32));
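
Review bot: the narrowing cast in the final line, `quint32(sum + 32)`, is safe only because the `sum > (std::numeric_limits<unsigned>::max() - 32)` guard directly above it bounds `sum`, and nothing in the code says so; a one-line comment tying the cast to that guard would keep a later edit from reordering or dropping it. The hunk also adds no `#include`, so please confirm that the header declaring `qAddOverflow` is already pulled into hpacktable.cpp on every branch listed in Pick-to. Since the commit message says the old check never worked, a test that exercises entry_size at the boundary (sum exactly at max() - 32 and one above) would be worth adding if such sizes can be constructed in a test.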