Http2: fix potential overflow in assemble_hpack_block() (!306) · Merge requests · Qt Project / qt / qtbase

Andreas Sturmlechner requested to merge asturmlechner/qtbase:asturmlechner/Http2-potential-overflow into kde/5.15 Jan 02, 2024

The function is given a vector of Http2::Frame's and flattens it into a vector. While each Frame can contain a maximum of 16GiB of data (24-bit size field), one "only" needs 257 of them to overflow the quint32 variable's range.

So make sure any overflow does not go undetected.

Keep the limited uint32_t range for now, as we don't know whether all consumers of the result can deal with more than 4GiB of data.

Since all these frames must be in memory, this cannot overflow in practice on 32-bit machines.

Pick-to: 6.7 6.6 6.5 6.2 5.15 Change-Id: Iafaa7d1c870cba9100e75065db11d95934f86213 Reviewed-by: Mårten Nordheim marten.nordheim@qt.io (cherry picked from commit 1e6bb61a)

asturmlechner 2024-01-02: Use correct include for 5.15

Http2: fix potential overflow in assemble_hpack_block()

Merge request reports