Details
- Type: Bug
- Resolution: Done
- Priority: P4: Low
- Affects versions: 4.8.0, 4.8.4, 5.0.0
- Fix versions: None
- Environment: 32 bit x86 Linux Qt 4.8
- Commit: 15d7044c82e5f222b6533f3c3876b540dfac2ae0
Description
Line 119 is buggy:
http://qt.gitorious.org/qt/qt/blobs/4.8/src/corelib/thread/qmutex_unix.cpp
timeout is of type int, so in most cases a qint32.
The calculation "qint64 xtimeout = timeout * 1000 * 1000;" is evaluated in int before the result is widened, so it will overflow if timeout is bigger than 2148.
The solution would be to cast timeout to a qint64 before the multiplication.
This is the right solution, but it was not done. Instead there is a fix which was not needed:
File qmutex_unix.cpp, lines 126 and 127:
ts.tv_sec = xtimeout / Q_INT64_C(1000) / 1000 / 1000;
ts.tv_nsec = xtimeout % (Q_INT64_C(1000) * 1000 * 1000);
Here xtimeout is already a qint64, so there is no need to cast the literal 1000 to qint64.
Instead, line 119 (qint64 xtimeout = timeout * 1000 * 1000;) should be patched so that timeout is cast to qint64 before the multiplication (see the attached patch).
We are using version 4.8.4, but the issue is still there in 4.8.7.
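As an added standalone illustration (not code from the Qt source tree or from the attached patch), the following C++ checks arithmetically whether the int product on line 119 would overflow for a given timeout, and shows the corrected line next to the tv_sec/tv_nsec split from lines 126 and 127. It assumes a local typedef standing in for Qt's qint64 and Q_INT64_C.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>
#include <ctime>

// Stand-ins for Qt's types/macros so this compiles without Qt (assumption).
typedef int64_t qint64;
#define Q_INT64_C(c) INT64_C(c)

// True when `timeout * 1000 * 1000` evaluated in int (as on the buggy
// line 119) would exceed the int range.  The check is done by comparison
// rather than by multiplying, because signed overflow is undefined in C++.
bool intProductOverflows(int timeout)
{
    return timeout > INT_MAX / 1000000 || timeout < INT_MIN / 1000000;
}

// Corrected line 119: widen `timeout` first, so every multiplication is
// performed in qint64 and the millisecond -> nanosecond product cannot wrap.
qint64 toNanoseconds(int timeout)
{
    return qint64(timeout) * 1000 * 1000;
}

// Lines 126/127 as shown in the report: split a qint64 nanosecond count
// into a timespec.  Casting the literal here is harmless but unnecessary,
// since xtimeout is already 64-bit.
timespec toTimespec(qint64 xtimeout)
{
    timespec ts;
    ts.tv_sec  = xtimeout / Q_INT64_C(1000) / 1000 / 1000;
    ts.tv_nsec = xtimeout % (Q_INT64_C(1000) * 1000 * 1000);
    return ts;
}

int main()
{
    // 2148 ms is the first timeout the report names as overflowing in int.
    const int timeouts[] = { 1000, 2147, 2148, 60000 };
    for (int t : timeouts) {
        timespec ts = toTimespec(toNanoseconds(t));
        std::printf("timeout=%d ms: int product %s; widened -> %lld s %ld ns\n",
                    t, intProductOverflows(t) ? "OVERFLOWS" : "ok",
                    (long long)ts.tv_sec, (long)ts.tv_nsec);
    }
    return 0;
}
```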
Attachments
For Gerrit Dashboard: QTBUG-47706

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 123216,1 | Avoid integer overflow on multiplying timeout by 1000 | 4.8 | qt/qt | ABANDONED | +2 | 0 |