diff options
author | Marc Mutz <marc.mutz@qt.io> | 2021-12-17 09:08:45 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@qt.io> | 2021-12-17 11:10:55 +0100 |
commit | 38218494a65049b5f9da7a8aab012a969c7dac86 (patch) | |
tree | 822a99325f1f74f699da9e1965ca35d307f8da27 /src/websockets | |
parent | 59af44684bed898395a42a9bafc783ea4b3d0f78 (diff) | |
download | qtwebsockets-38218494a65049b5f9da7a8aab012a969c7dac86.tar.gz |
QWebSocketProtocol: fix potential UB (signed overflow) in masking operation
The size of the payload is a 64-bit integer, which the loop counts
down. If the size is > INT_MAX, then we'll overflow the int i used to
track the current position in the mask.
Fix by using an unsigned integer type instead.
Pick-to: 6.3 6.2 5.15
Change-Id: Ia3b8d42ae906eb03c1c7399cb1137a08121fcde3
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/websockets')
-rw-r--r-- | src/websockets/qwebsocketprotocol.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/websockets/qwebsocketprotocol.cpp b/src/websockets/qwebsocketprotocol.cpp index df87a93..d0465f1 100644 --- a/src/websockets/qwebsocketprotocol.cpp +++ b/src/websockets/qwebsocketprotocol.cpp @@ -210,7 +210,7 @@ void QWebSocketProtocol::mask(char *payload, quint64 size, quint32 maskingKey) quint8((maskingKey & 0x0000FF00u) >> 8), quint8((maskingKey & 0x000000FFu)) }; - int i = 0; + quint64 i = 0; while (size-- > 0) *payload++ ^= mask[i++ % 4]; } |