[PATCH] QLowEnergyControllerPrivateBluez: guard against malformed replies
author Ivan Solovev <ivan.solovev@qt.io>
Thu, 2 Jan 2025 15:48:49 +0000 (16:48 +0100)
committer Patrick Franz <deltaone@debian.org>
Wed, 22 Jan 2025 21:34:08 +0000 (22:34 +0100)
commit dc98b5bc5f54a28b422fa614176be07b7e99ecfe
tree bdd3d373fe735bb432d538c8d0fa444f6d0774ee
parent d49766ab4f493814b1a48f7f22b467fec669a4e0
[PATCH] QLowEnergyControllerPrivateBluez: guard against malformed replies

The QLowEnergyControllerPrivateBluez::l2cpReadyRead() slot reads the
data from a Bluetooth L2CAP socket and then tries to process it
according to ATT protocol specs.

However, the code was missing length and sanity checks at some
codepaths in processUnsolicitedReply() and processReply() helper
methods, simply relying on the data to be in the proper format.

This patch adds some minimal checks to make sure that we do not read
past the end of the received array and do not divide by zero.

This problem was originally pointed out by Marc Mutz in an unrelated
patch.

Pick-to: 6.5 5.15
Change-Id: I8dcfe031f70ad61fa3d87dc9d771c3fabc6d0edc
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
(cherry picked from commit aecbd657c841a2a8c74631ceac96b8ff1f03ab5c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 53e991671f725c136e9aa824c59ec13934c63fb4)

Gbp-Pq: Name CVE-2025-23050.diff
src/bluetooth/qlowenergycontroller_bluez.cpp
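The commit message describes two classes of check on ATT replies read from the L2CAP socket: not reading past the end of the received array, and not dividing by zero. The following is an added illustration of what such checks look like for one ATT PDU that has exactly that shape; it is not the Qt patch's code and does not use Qt types. The ATT_READ_BY_TYPE_RSP layout (opcode 0x09, one length byte, then a list of elements each `length` bytes long, starting with a little-endian 2-byte handle) is taken from the Bluetooth Core specification, Vol 3 Part F; the page does not say which ATT opcode the patch's checks guard, so treat this as a representative case rather than the fixed code path. The sample PDUs are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <utility>
#include <vector>

// One parsed element of an ATT_READ_BY_TYPE_RSP: attribute handle plus value bytes.
struct AttElement {
    uint16_t handle;
    std::vector<uint8_t> value;
};

// Opcode of ATT_READ_BY_TYPE_RSP (Bluetooth Core spec, Vol 3 Part F, 3.4.4.2).
constexpr uint8_t kReadByTypeRspOpcode = 0x09;

// Parses a Read By Type Response defensively. Every access below is preceded by a
// size check, and the element count is only computed once elemLen is known to be
// non-zero, so malformed input yields std::nullopt rather than an out-of-bounds read
// or a division by zero.
std::optional<std::vector<AttElement>> parseReadByTypeRsp(const std::vector<uint8_t>& pdu) {
    // Need at least the opcode and the per-element length byte.
    if (pdu.size() < 2 || pdu[0] != kReadByTypeRspOpcode)
        return std::nullopt;

    const size_t elemLen = pdu[1];
    // Each element carries a 2-byte handle and at least one value byte, so anything
    // below 3 is invalid; elemLen == 0 in particular would be the divide-by-zero case.
    if (elemLen < 3)
        return std::nullopt;

    const size_t listLen = pdu.size() - 2;
    // The attribute data list must be a whole number of elements (assumption made
    // here: an empty list is also treated as malformed, since the spec requires
    // at least one element in this response).
    if (listLen == 0 || listLen % elemLen != 0)
        return std::nullopt;

    const size_t count = listLen / elemLen;   // safe: elemLen >= 3
    std::vector<AttElement> out;
    out.reserve(count);
    for (size_t i = 0; i < count; ++i) {
        // off + elemLen <= pdu.size() follows from the divisibility check above.
        const size_t off = 2 + i * elemLen;
        AttElement e;
        e.handle = static_cast<uint16_t>(pdu[off] | (pdu[off + 1] << 8)); // little-endian
        e.value.assign(pdu.begin() + off + 2, pdu.begin() + off + elemLen);
        out.push_back(std::move(e));
    }
    return out;
}

// Constructed sample: two elements of 4 bytes each (handle 0x0001 -> AA BB,
// handle 0x0002 -> CC DD).
const std::vector<uint8_t> kSampleRsp = {0x09, 0x04, 0x01, 0x00, 0xAA, 0xBB,
                                         0x02, 0x00, 0xCC, 0xDD};

// Constructed malformed samples: a zero element length, and a list that is not a
// whole number of elements (truncated on the wire).
const std::vector<uint8_t> kZeroLenRsp = {0x09, 0x00, 0x01, 0x00};
const std::vector<uint8_t> kTruncatedRsp = {0x09, 0x04, 0x01, 0x00, 0xAA};
```

The pattern to carry over to any length-prefixed reply is the ordering: validate the header size, validate the length field against its minimum before using it as a divisor or stride, and derive the element count from the remaining bytes rather than trusting the peer to have sent a consistent count.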