From: Debian Qt/KDE Maintainers
Date: Sat, 13 Jan 2024 13:53:25 +0000 (+0100)
Subject: cve-2023-51714
X-Git-Tag: archive/raspbian/6.4.2+dfsg-21+rpi1^2~21
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b31c21fce764b29aa431e4664dccaca3baa6d0cc;p=qt6-base.git
cve-2023-51714
Gbp-Pq: Name cve-2023-51714.diff
---
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
index 0b69ee86..f20ec92d 100644
--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
@@ -26,8 +26,10 @@ HeaderSize entry_size(QByteArrayView name, QByteArrayView value)
 // for counting the number of references to the name and value would have
 // 32 octets of overhead."
- const unsigned sum = unsigned(name.size() + value.size());
- if (std::numeric_limits::max() - 32 < sum)
+ size_t sum;
+ if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
+ return HeaderSize();
+ if (sum > (std::numeric_limits::max() - 32))
 return HeaderSize();
 return HeaderSize(true, quint32(sum + 32));
 }
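Review bot: The bound in the second added check and the narrowing cast on the return line should name the same type, so that `sum + 32` is provably representable in what `quint32(...)` yields. The template argument of `std::numeric_limits` is not visible in this rendering; if it is `unsigned`, the check matches the cast only where `unsigned` is 32 bits wide, and `if (sum > std::numeric_limits<quint32>::max() - 32)` would remove that dependence. The added lines also deserve a short why-comment, for example `// add in size_t with overflow detection; truncating the sum before the range check let an oversized entry wrap and pass`. The body of entry_size starts above the hunk, and whether callers test the returned HeaderSize for validity cannot be seen from here.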