From 6842485a84c702dc2250b1d918c05799ff0f2a63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Wed, 2 Feb 2022 14:56:23 +0100 Subject: [PATCH] MINOR: quic: Possible overflow in qpack_get_varint() This should fix CID 375051 in GH 1536 where a signed integer expression (1 << bit) which could overflow was compared to a uint64_t. --- src/qpack-dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qpack-dec.c b/src/qpack-dec.c index 6c55495b2..3bfa8e98e 100644 --- a/src/qpack-dec.c +++ b/src/qpack-dec.c @@ -67,8 +67,8 @@ static uint64_t qpack_get_varint(const unsigned char **buf, uint64_t *len_in, in uint8_t shift = 0; len--; - ret = *raw++ & ((1 << b) - 1); - if (ret != (uint64_t)((1 << b) - 1)) + ret = *raw++ & ((1ULL << b) - 1); + if (ret != (uint64_t)((1ULL << b) - 1)) goto end; while (len && (*raw & 128)) {