diff options
| author | Ahmad Samir <a.samirh78@gmail.com> | 2024-12-26 15:11:30 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@qt.io> | 2024-12-31 20:40:32 +0000 |
| commit | b83e825fab16f83f86149ead78efb6ec3d2fa16d (patch) | |
| tree | 8beb0535f5e47ed1f4c52e2f2cb43decbe18909a /src | |
| parent | cfa7d41db08a288dc7a76d56b0b33de68a5f01b8 (diff) | |
QCryptographicHash: hashInto(): check the buffer size earlier
We can use hashLengthInternal() to check if the buffer is big enough.
This matches what the QCH::hash() method does, it also has an assert
that `result.size() == ba.size()`, so we can assume this works with
OpenSSL's EVP_MD_get_size() in EVP::finalizeUnchecked().
Amends c70c81b371993ca865d523bb5f37eac4eb8a972b.
Pick-to: 6.9 6.8
Change-Id: I64935f3d590ab243b361a0b764f011c388820e32
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Diffstat (limited to 'src')
| -rw-r--r-- | src/corelib/tools/qcryptographichash.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/corelib/tools/qcryptographichash.cpp b/src/corelib/tools/qcryptographichash.cpp index 0e677ceea36..0a4f2351088 100644 --- a/src/corelib/tools/qcryptographichash.cpp +++ b/src/corelib/tools/qcryptographichash.cpp @@ -1128,13 +1128,15 @@ QByteArrayView QCryptographicHash::hashInto(QSpan<std::byte> buffer, QSpan<const QByteArrayView> data, Algorithm method) noexcept { + if (buffer.size() < hashLengthInternal(method)) + return {}; // buffer too small + QCryptographicHashPrivate hash(method); for (QByteArrayView part : data) hash.addData(part); hash.finalizeUnchecked(); // no mutex needed: no-one but us has access to 'hash' auto result = hash.resultView(); - if (buffer.size() < result.size()) - return {}; // buffer too small + Q_ASSERT(buffer.size() >= result.size()); // ### optimize: have the method directly write into `buffer` memcpy(buffer.data(), result.data(), result.size()); return buffer.first(result.size()); |