From: Shane Kearns Date: Mon, 21 May 2012 09:54:37 +0000 (+0100) Subject: Prevent infinite loops by handling all ZLIB errors X-Git-Tag: 071012110112~899 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=63e996200268599522db97d9a0ef37f43d5ca506;p=profile%2Fivi%2Fqtbase.git Prevent infinite loops by handling all ZLIB errors In case the HTTP server returns more data after the end of the compressed data stream, inflate will return Z_STREAM_END, which is a normal informative error code. This was handled in 4.8, but lost in 5.0. Also catch all ZLIB negative error codes rather than only three. Task-number: QTBUG-25823 Change-Id: Ibdbbd3dd6fa81a0880c477cb080ad35f2d7116f0 Reviewed-by: Martin Petersson
---
diff --git a/src/network/access/qhttpnetworkreply.cpp b/src/network/access/qhttpnetworkreply.cpp
index bcfe48f..b95a227 100644
--- a/src/network/access/qhttpnetworkreply.cpp
+++ b/src/network/access/qhttpnetworkreply.cpp
@@ -699,14 +699,13 @@ qint64 QHttpNetworkReplyPrivate::uncompressBodyData(QByteDataBuffer *in, QByteDa
 inflateStrm.next_out = reinterpret_cast(bOut.data());
 int ret = inflate(&inflateStrm, Z_NO_FLUSH);
- switch (ret) {
- case Z_NEED_DICT:
- case Z_DATA_ERROR:
- case Z_MEM_ERROR:
+ //All negative return codes are errors, in the context of HTTP compression, Z_NEED_DICT is also an error.
+ if (ret < 0 || ret == Z_NEED_DICT)
 return -1;
- }
 bOut.resize(bOut.capacity() - inflateStrm.avail_out);
 out->append(bOut);
+ if (ret == Z_STREAM_END)
+ return out->byteAmount();
 } while (inflateStrm.avail_in > 0);
 }
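Review bot: The new `ret < 0` test also rejects `Z_BUF_ERROR`, which zlib documents as non-fatal (no progress was possible), so a call that reaches `inflate()` with `avail_in == 0` would now fail the whole reply with -1 where the old switch let it pass; the do/while body runs once before its condition is checked. Whether an empty input chunk can reach this loop is unconfirmed, because `avail_in` is set up outside the hunk; if it can, consider `if (ret == Z_BUF_ERROR && inflateStrm.avail_in == 0) break;` ahead of the error check, which keeps `Z_BUF_ERROR` with pending input fatal so the loop still cannot spin. Separately, the early `return out->byteAmount();` on `Z_STREAM_END` silently drops any bytes the server sent after the compressed stream and bypasses whatever follows the loop. A short comment such as `// Z_STREAM_END: trailing bytes after the compressed stream are intentionally ignored` would make that decision explicit for anyone auditing how untrusted response bodies are handled. The function body starts and ends outside the hunk.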