Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Won't Do
Priority: Not Evaluated
Fix Version/s: None
Affects Version/s: 5.15.18
Component/s: Core: Containers and Algorithms
Labels:
- Reported_by_support_2H24
- reported_by_support_standard

Description

For 5.15.x, QMap is mixing quint64 (p) and int (elements in enum) and doing bitwise operation between them, i.e.:
https://github.com/qt/qtbase/blob/v5.15.16-lts-lgpl/src/corelib/tools/qmap.h#L94C5-L94C77

And that may lead to undefined behavior when, e.g. ~Black a negative integer, is promoted to quint64 and causes overflow.

A reproducer is attached, and it is said that the undefined behavior sanitizer that comes with Clang 12 can capture it with such output:

Qt-5/include/QtCore/qmap.h:94:68: runtime error: implicit conversion from type 'int' of value -2 (32-bit, signed) to type 'unsigned long long' changed the value to 18446744073709551614 (64-bit, unsigned)
Qt-5/include/QtCore/qmap.h:95:80: runtime error: implicit conversion from type 'int' of value -4 (32-bit, signed) to type 'unsigned long long' changed the value to 18446744073709551612 (64-bit, unsigned)

Notice that it can be compiler specific. My gcc 11.4 UBSAN does not detect anything. Older Clang may not detect anything either.

A patch is also uploaded. We may consider merge it, or at least verify if it's valid.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

MapTest.zip
1 kB
12 Dec '24 09:02
qMap-UBSAN-pointer-masks.patch
1 kB
12 Dec '24 09:02

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Thiago Macieira

Reporter:: Luqiao Chen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 12 Dec '24 09:01

Updated:: 12 Dec '24 13:05

Resolved:: 12 Dec '24 13:04

Gerrit Reviews

There are no open Gerrit changes