vcpkg/ports/qtbase/patches/0001-CVE-2023-51714-qtbase-6.6.diff

37 lines
1.4 KiB
Diff
Raw Normal View History

From 13c16b756900fe524f6d9534e8a07aa003c05e0c Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Tue, 12 Dec 2023 20:51:56 +0100
Subject: [PATCH] HPack: fix a Yoda Condition
Putting the variable on the LHS of a relational operation makes the
expression easier to read. In this case, we find that the whole
expression is nonsensical as an overflow protection, because if
name.size() + value.size() overflows, the result will exactly _not_
be > max() - 32, because UB will have happened.
To be fixed in a follow-up commit.
As a drive-by, add parentheses around the RHS.
Pick-to: 6.5 6.2 5.15
Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867)
---
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
index 74a09a2..c8c5d09 100644
--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
@@ -27,7 +27,7 @@
// 32 octets of overhead."
const unsigned sum = unsigned(name.size() + value.size());
- if (std::numeric_limits<unsigned>::max() - 32 < sum)
+ if (sum > (std::numeric_limits<unsigned>::max() - 32))
return HeaderSize();
return HeaderSize(true, quint32(sum + 32));
}