Details
- Bug
- Resolution: Done
- Not Evaluated
- 5.2.0 Beta1
- None
- all
- 315ba388f32ad7943c226f2faba4e9b35e899dc9
Description
Documentation of QByteArray::remove: "If pos is valid, but pos + len is larger than the size of the array, the array is truncated at position pos."
Code in QByteArray.cpp:1820
if (pos + len >= d->size) ...
Leads to an integer overflow if pos + len > INT_MAX; my use case was: text.remove(2, INT_MAX).
Fix:
if (len >= d->size - pos) ...
pos is not greater than d->size (checked some lines before).
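
The rearranged bounds check from this report, as an added example (not Qt's code and not part of the original report). It uses `std::string` as a stand-in for the byte array; `remove_range` and `naive_sum_overflows` are hypothetical names, and the range checks before the comparison are this example's own assumption about what "checked some lines before" covers.

```cpp
#include <climits>
#include <string>

// Hypothetical stand-in for the documented remove(pos, len) semantics,
// operating on std::string instead of QByteArray.
// Returns true if the buffer was modified.
bool remove_range(std::string &buf, int pos, int len)
{
    const int size = static_cast<int>(buf.size());  // sample buffers are small
    if (len <= 0 || pos < 0 || pos >= size)
        return false;                 // nothing to remove, or pos out of range
    // Here 0 <= pos < size, so size - pos lies in [1, size] and cannot overflow.
    if (len >= size - pos)
        buf.resize(pos);              // truncate at pos, as documented
    else
        buf.erase(pos, len);          // remove len bytes from the middle
    return true;
}

// Reports whether the original form of the check, pos + len in int
// arithmetic, would overflow. The sum is computed in a wider type so that
// this helper itself contains no undefined behaviour.
bool naive_sum_overflows(int pos, int len)
{
    const long long sum = static_cast<long long>(pos) + len;
    return sum > INT_MAX || sum < INT_MIN;
}

int main()
{
    std::string text = "hello world";   // constructed sample input
    remove_range(text, 2, INT_MAX);     // the call from the report
    return text == "he" ? 0 : 1;
}
```

The subtraction form is safe only because `pos` has already been range-checked; without that guard, `size - pos` can itself overflow for a negative `pos`.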
For Gerrit Dashboard: QTBUG-34694

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 70784,1 | Avoid signed integer overflow by making an addition a subtraction | stable | qt/qtbase | MERGED | +2 | 0 |