summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/corelib/tools/qbytearray.cpp10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/corelib/tools/qbytearray.cpp b/src/corelib/tools/qbytearray.cpp
index dc2e8e9501..68789d9297 100644
--- a/src/corelib/tools/qbytearray.cpp
+++ b/src/corelib/tools/qbytearray.cpp
@@ -541,6 +541,11 @@ QByteArray qUncompress(const uchar* data, int nbytes)
forever {
ulong alloc = len;
+ if (len >= (2 << 31) - sizeof(QByteArray::Data)) {
+ //QByteArray does not support that huge size anyway.
+ qWarning("qUncompress: Input data is corrupted");
+ return QByteArray();
+ }
QByteArray::Data *p = static_cast<QByteArray::Data *>(qRealloc(d.data(), sizeof(QByteArray::Data) + alloc));
if (!p) {
// we are not allowed to crash here when compiling with QT_NO_EXCEPTIONS
@@ -556,6 +561,11 @@ QByteArray qUncompress(const uchar* data, int nbytes)
switch (res) {
case Z_OK:
if (len != alloc) {
+ if (len >= (2 << 31) - sizeof(QByteArray::Data)) {
+ //QByteArray does not support that huge size anyway.
+ qWarning("qUncompress: Input data is corrupted");
+ return QByteArray();
+ }
QByteArray::Data *p = static_cast<QByteArray::Data *>(qRealloc(d.data(), sizeof(QByteArray::Data) + len));
if (!p) {
// we are not allowed to crash here when compiling with QT_NO_EXCEPTIONS
View Lorry Controller Status