diff options
author | Miklos Vajna <vmiklos@collabora.com> | 2021-07-07 11:54:34 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2021-07-08 14:51:11 +0200 |
commit | 57d3d0f3919115b77761ae26af4ff40140fb7f98 (patch) | |
tree | 20da82424f07ffb63930ff1339c6c1885dc5b740 | |
parent | Drop unused Upload/CrossProgress controls (diff) | |
download | online-57d3d0f3919115b77761ae26af4ff40140fb7f98.tar.gz online-57d3d0f3919115b77761ae26af4ff40140fb7f98.zip |
http response: check if result would fit into chunkLen
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I6e3b73461653d2ab3cedaa3f6ca7fbfd2a826edb
-rw-r--r-- | fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847 | bin | 0 -> 194 bytes | |||
-rw-r--r-- | net/HttpRequest.cpp | 5 |
2 files changed, 5 insertions, 0 deletions
diff --git a/fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847 b/fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847 Binary files differnew file mode 100644 index 0000000000..e28f3d49f2 --- /dev/null +++ b/fuzzer/httpresponse-data/crash-fd5521adc1d02a7232343401c8bc9ad881d14847 diff --git a/net/HttpRequest.cpp b/net/HttpRequest.cpp index 9f5d0dc30b..0eceaedc09 100644 --- a/net/HttpRequest.cpp +++ b/net/HttpRequest.cpp @@ -553,6 +553,11 @@ int64_t Response::readData(const char* p, int64_t len) if (digit < 0) break; + if (chunkLen >= (std::numeric_limits<int64_t>::max() - digit) / 16) + { + // Would not fit into chunkLen. + return len - available; + } chunkLen = chunkLen * 16 + digit; } |