QWebSocketProtocol: fix potential UB (signed overflow) in masking operation

The size of the payload is a 64-bit integer, which the loop counts down. If the size is > INT_MAX, then we'll overflow the int i used to track the current position in the mask. Fix by using an unsigned integer type instead. Change-Id: Ia3b8d42ae906eb03c1c7399cb1137a08121fcde3 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 38218494a65049b5f9da7a8aab012a969c7dac86) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Marc Mutz <marc.mutz@qt.io> 2021-12-17 09:08:45 +0100
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2021-12-17 11:17:34 +0000
commit: 6b31ac7bf9f556bfdfbb51a16b7dd9ca65096860 (patch)
tree: 2752ae394cc9667aa90218b889a75a9148d3b7a1
parent: 9bfa05285b720fa79d4b80492903db129e3f3f1d (diff)
download: qtwebsockets-6b31ac7bf9f556bfdfbb51a16b7dd9ca65096860.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/websockets/qwebsocketprotocol.cpp b/src/websockets/qwebsocketprotocol.cpp
index fc77632..319cc8f 100644
--- a/src/websockets/qwebsocketprotocol.cpp
+++ b/src/websockets/qwebsocketprotocol.cpp
@@ -210,7 +210,7 @@ void QWebSocketProtocol::mask(char *payload, quint64 size, quint32 maskingKey)
                             quint8((maskingKey & 0x0000FF00u) >> 8),
                             quint8((maskingKey & 0x000000FFu))
                           };
-    int i = 0;
+    quint64 i = 0;
     while (size-- > 0)
         *payload++ ^= mask[i++ % 4];
 }
author	Marc Mutz <marc.mutz@qt.io>	2021-12-17 09:08:45 +0100
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2021-12-17 11:17:34 +0000
commit	6b31ac7bf9f556bfdfbb51a16b7dd9ca65096860 (patch)
tree	2752ae394cc9667aa90218b889a75a9148d3b7a1
parent	9bfa05285b720fa79d4b80492903db129e3f3f1d (diff)
download	qtwebsockets-6b31ac7bf9f556bfdfbb51a16b7dd9ca65096860.tar.gz