author | Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> | 2020-05-14 14:01:32 +0200 |
---|---|---|
committer | Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> | 2020-05-14 14:01:32 +0200 |
commit | 76fe36645eb41fa35e526a97874f1e15a39c3823 (patch) | |
tree | aea94a0ee4fbd3e7187666999d3b9b825c7a43af /src | |
parent | d68f3a81c9073c64e4492dfca33eeafccb460c6f (diff) | |
parent | ba3b53cb501a77144aa6259e48a8e0edc3d1481d (diff) | |
Merge remote-tracking branch 'origin/5.15.0' into 5.15
Change-Id: I06396fa0a3d1687a0935e48d290358edbb0e59e8
Diffstat (limited to 'src')
-rw-r--r-- | src/corelib/io/qstandardpaths_win.cpp | 7 | ||||
-rw-r--r-- | src/corelib/serialization/qcborvalue.cpp | 2 | ||||
-rw-r--r-- | src/gui/painting/qicc.cpp | 3 |
3 files changed, 9 insertions, 3 deletions
diff --git a/src/corelib/io/qstandardpaths_win.cpp b/src/corelib/io/qstandardpaths_win.cpp
index 5055f4020c..cbe4ccd0b2 100644
--- a/src/corelib/io/qstandardpaths_win.cpp
+++ b/src/corelib/io/qstandardpaths_win.cpp
@@ -47,6 +47,7 @@
 #include <qcoreapplication.h>
 #endif
+#include <qoperatingsystemversion.h>
 #include <qt_windows.h>
 #include <shlobj.h>
 #include <intshcut.h>
@@ -99,7 +100,11 @@ static bool isProcessLowIntegrity() {
 // Disable function until Qt CI is updated
 return false;
 #else
- HANDLE process_token = GetCurrentProcessToken(); // non-leaking pseudo-handle
+ if (QOperatingSystemVersion::current() < QOperatingSystemVersion::Windows8)
+ return false;
+ // non-leaking pseudo-handle. Expanded inline function GetCurrentProcessToken()
+ // (was made an inline function in Windows 8).
+ const auto process_token = HANDLE(quintptr(-4));
 QVarLengthArray<char,256> token_info_buf(256);
 auto* token_info = reinterpret_cast<TOKEN_MANDATORY_LABEL*>(token_info_buf.data());
diff --git a/src/corelib/serialization/qcborvalue.cpp b/src/corelib/serialization/qcborvalue.cpp
index 3bca15d562..89a928d348 100644
--- a/src/corelib/serialization/qcborvalue.cpp
+++ b/src/corelib/serialization/qcborvalue.cpp
@@ -1636,7 +1636,7 @@ void QCborContainerPrivate::decodeStringFromCbor(QCborStreamReader &reader)
 if (len == rawlen) {
 auto oldSize = data.size();
 auto newSize = oldSize;
- if (!add_overflow(newSize, len, &newSize)) {
+ if (!add_overflow(newSize, len, &newSize) && newSize < MaxByteArraySize) {
 if (newSize != oldSize)
 data.resize(newSize);
diff --git a/src/gui/painting/qicc.cpp b/src/gui/painting/qicc.cpp
index 2b5cd58fb1..b7c8e8f824 100644
--- a/src/gui/painting/qicc.cpp
+++ b/src/gui/painting/qicc.cpp
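Review bot: The early `return false` for systems older than Windows 8 in isProcessLowIntegrity() reports every process there as not low-integrity, so a sandboxed process on those versions would presumably miss whatever low-integrity handling the callers apply. On that path the token could instead be opened explicitly with `OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)` and released with `CloseHandle` once queried. The literal in `HANDLE(quintptr(-4))` would also read better behind a name that carries the comment, e.g. `const auto currentProcessTokenPseudoHandle = HANDLE(quintptr(-4));`. The function body continues past the hunk, so how the token is used afterwards is not visible here.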
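Review bot: In decodeStringFromCbor(), the added `newSize < MaxByteArraySize` bound still lets `data.resize(newSize)` run with a size that appears to come from the chunk length declared in the stream, so an allocation close to the maximum can be requested before any payload bytes are read, unless `len` is checked against the available input outside this hunk. A comment above the condition would record what the bound protects, e.g. `// len is declared by the encoded stream: reject sizes QByteArray cannot hold before resizing`. The branch taken when the condition fails lies outside the hunk, so the error reported for an oversized string cannot be confirmed from here.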
@@ -225,7 +225,7 @@ static bool isValidIccProfile(const ICCProfileHeader &header)
 }
 // Don't overflow 32bit integers:
- if (header.tagCount >= INT32_MAX / sizeof(TagTableEntry)) {
+ if (header.tagCount >= (INT32_MAX - sizeof(ICCProfileHeader)) / sizeof(TagTableEntry)) {
 qCWarning(lcIcc, "Failed tag count sanity");
 return false;
 }
@@ -629,6 +629,7 @@ bool fromIccProfile(const QByteArray &data, QColorSpace *colorSpace)
 // Read tag index
 const TagTableEntry *tagTable = (const TagTableEntry *)(data.constData() + sizeof(ICCProfileHeader));
 const qsizetype offsetToData = sizeof(ICCProfileHeader) + header->tagCount * sizeof(TagTableEntry);
+ Q_ASSERT(offsetToData > 0);
 if (offsetToData > data.size()) {
 qCWarning(lcIcc) << "fromIccProfile: failed index size sanity";
 return false; |
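Review bot: `Q_ASSERT(offsetToData > 0)` in fromIccProfile() is compiled out of release builds, so the only runtime guard on this offset remains `offsetToData > data.size()`, which a negative value would pass. The invariant appears to rest on the tag-count bound tightened in isValidIccProfile() in the hunk above, assuming that validation runs before this point, which is not visible here. Folding the lower bound into the existing check keeps it enforced for untrusted profiles: `if (offsetToData <= 0 || offsetToData > data.size()) {`. fromIccProfile() starts and ends outside the hunk.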