From 6627e8c0ecae8b5c598fddd5d72b1d4652891b2b Mon Sep 17 00:00:00 2001
From: antelle <dmitryvit@gmail.com>
Date: Fri, 14 May 2021 21:00:43 +0200
Subject: [PATCH] fix #1817: crash on files with large attachments as KDBX3

---
 app/scripts/util/kdbxweb/protected-value-ex.js | 14 +++++++-------
 package-lock.json                              | 14 +++++++-------
 package.json                                   |  2 +-
 release-notes.md                               |  1 +
 4 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/app/scripts/util/kdbxweb/protected-value-ex.js b/app/scripts/util/kdbxweb/protected-value-ex.js
index eb9726d2..fe662200 100644
--- a/app/scripts/util/kdbxweb/protected-value-ex.js
+++ b/app/scripts/util/kdbxweb/protected-value-ex.js
@@ -6,8 +6,8 @@ const ExpectedFieldRefByteLength = ExpectedFieldRefChars.length;
 kdbxweb.ProtectedValue.prototype.isProtected = true;
 
 kdbxweb.ProtectedValue.prototype.forEachChar = function (fn) {
-    const value = this._value;
-    const salt = this._salt;
+    const value = this.value;
+    const salt = this.salt;
     let b, b1, b2, b3;
     for (let i = 0, len = value.length; i < len; i++) {
         b = value[i] ^ salt[i];
@@ -154,7 +154,7 @@ kdbxweb.ProtectedValue.prototype.equals = function (other) {
         return false;
     }
     for (let i = 0; i < len; i++) {
-        if ((this._value[i] ^ this._salt[i]) !== (other._value[i] ^ other._salt[i])) {
+        if ((this.value[i] ^ this.salt[i]) !== (other.value[i] ^ other.salt[i])) {
             return false;
         }
     }
@@ -181,8 +181,8 @@ kdbxweb.ProtectedValue.prototype.saltedValue = function () {
     if (!this.byteLength) {
         return 0;
     }
-    const value = this._value;
-    const salt = this._salt;
+    const value = this.value;
+    const salt = this.salt;
     let salted = '';
     for (let i = 0, len = value.length; i < len; i++) {
         const byte = value[i] ^ salt[i];
@@ -193,8 +193,8 @@ kdbxweb.ProtectedValue.prototype.saltedValue = function () {
 
 kdbxweb.ProtectedValue.prototype.dataAndSalt = function () {
     return {
-        data: [...this._value],
-        salt: [...this._salt]
+        data: [...this.value],
+        salt: [...this.salt]
     };
 };
 
diff --git a/package-lock.json b/package-lock.json
index 6422b907..209ec181 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -67,7 +67,7 @@
         "jquery": "3.6.0",
         "json-loader": "^0.5.7",
         "jsqrcode": "github:antelle/jsqrcode#0.1.3",
-        "kdbxweb": "^2.0.1",
+        "kdbxweb": "^2.0.3",
         "load-grunt-tasks": "5.1.0",
         "lodash": "^4.17.21",
         "marked": "^2.0.3",
@@ -11706,9 +11706,9 @@
       }
     },
     "node_modules/kdbxweb": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/kdbxweb/-/kdbxweb-2.0.1.tgz",
-      "integrity": "sha512-ewghBv4gAGkUgtPv+qELC7U+qA5U6msKYod4UDtCrrAA4taEm13VSdZGxp2iBeIhkh/bciHmRlvtVoSTlLL+1g==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/kdbxweb/-/kdbxweb-2.0.3.tgz",
+      "integrity": "sha512-VKaYAQiTqxPmn55IcUDzdZsV1+1k4onBHe+Ip7t5xs7JxkGT++tmPwIFE+D3smzjTQ63fUEJ+P7t3o+xIbC/6A==",
       "dependencies": {
         "pako": "github:keeweb/pako#653c0b00d8941c89d09ed4546d2179001ec44efc",
         "xmldom": "github:keeweb/xmldom#ec8f61f723e2f403adaf7a1bbf55ced4ff1ea0c6"
@@ -29846,9 +29846,9 @@
       }
     },
     "kdbxweb": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/kdbxweb/-/kdbxweb-2.0.1.tgz",
-      "integrity": "sha512-ewghBv4gAGkUgtPv+qELC7U+qA5U6msKYod4UDtCrrAA4taEm13VSdZGxp2iBeIhkh/bciHmRlvtVoSTlLL+1g==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/kdbxweb/-/kdbxweb-2.0.3.tgz",
+      "integrity": "sha512-VKaYAQiTqxPmn55IcUDzdZsV1+1k4onBHe+Ip7t5xs7JxkGT++tmPwIFE+D3smzjTQ63fUEJ+P7t3o+xIbC/6A==",
       "requires": {
         "pako": "github:keeweb/pako#653c0b00d8941c89d09ed4546d2179001ec44efc",
         "xmldom": "github:keeweb/xmldom#ec8f61f723e2f403adaf7a1bbf55ced4ff1ea0c6"
diff --git a/package.json b/package.json
index 5edeb963..5b9d7ef5 100644
--- a/package.json
+++ b/package.json
@@ -69,7 +69,7 @@
     "jquery": "3.6.0",
     "json-loader": "^0.5.7",
     "jsqrcode": "github:antelle/jsqrcode#0.1.3",
-    "kdbxweb": "^2.0.1",
+    "kdbxweb": "^2.0.3",
     "load-grunt-tasks": "5.1.0",
     "lodash": "^4.17.21",
     "marked": "^2.0.3",
diff --git a/release-notes.md b/release-notes.md
index 476ac040..6415e306 100644
--- a/release-notes.md
+++ b/release-notes.md
@@ -2,6 +2,7 @@ Release notes
 -------------
 ##### v1.18.5 (TBD)
 `-` fix #1816: old Chromium support, such as Android Edge  
+`-` fix #1817: crash on files with large attachments as KDBX3  
 
 ##### v1.18.4 (2021-05-12)
 `+` #1814: option to disable auto-type title filter by default