Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-48012

QEventDispatcherWinRT::registerTimer integer overflow of interval variable

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.6.0 Alpha
    • 5.4.2, 5.5.0
    • Core: Event loop
    • Windows 8.1
      WinRT
      Qt 5.4.2
    • 4b340402b97b83790b3d71a8244a246eec4f8abd

    Description

      A timer with an interval longer than INT_MAX/10000 is not fired correctly.

      In https://github.com/qtproject/qtbase/blob/dev/src/corelib/kernel/qeventdispatcher_winrt.cpp line 291 (QEventDispatcherWinRT::registerTimer):
      period.Duration = interval ? (interval * 10000) : 1;

      interval is of type int (32 bit)
      period.Duration is of type int64 (64bit)

      If interval is larger than INT_MAX/10000, an integer overflow occur.

      Solution: convert to 64bit before multiplication

      replace line 291:
      period.Duration = interval ? (interval * 10000) : 1;

      with

      if (interval) {
        period.Duration = interval;
        period.Duration *= 10000; // TimeSpan is based on 100-nanosecond units
      } else {
         period.Duration = 1;
      }
      

      Attachments

        Activity

          People

            owolff Oliver Wolff
            qtmyro Geert Mys (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: