Qt / QTBUG-93177

Variable overflow in QWidgetItemV2

Details

    • Bug
    • Resolution: Incomplete
    • P2: Important
    • None
    • 5.15, 6.x
    • Widgets: Layout
    • None
    • Tested with Qt 5.10.0 on Windows
    • All

    Description

      Repeated calls to QWidgetItemV2::heightForWidth(int width) (e.g. in a UI that is constantly updating) lead to an overflow of QWidgetItemV2::q_firstCachedHfw resulting in a negative index into q_cachedHfws and subsequent memory corruption.

      See: https://code.qt.io/cgit/qt/qtbase.git/tree/src/widgets/kernel/qlayoutitem.h?h=v6.1.0-rc1&id=c7deb3400faa1d9389137fe63ffbffade8203850#n170

      Recommend to change datatype of QWidgetItemV2::q_firstCachedHfw to unsigned short.

      This also applies to the local variable int offset:

      https://code.qt.io/cgit/qt/qtbase.git/tree/src/widgets/kernel/qlayoutitem.cpp?h=v6.1.0-rc1&id=c7deb3400faa1d9389137fe63ffbffade8203850#n849

      A change to unsigned short would be good.

          People

            qt.team.quick.subscriptions Qt Quick and Widgets Team
            rprueckl Robert Prueckl
              Gerrit Reviews

                There are no open Gerrit changes
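
The failure mode described in the report, as an added example that is not part of the original report and is not Qt source code: a simplified model that assumes a 16-bit signed head counter, a three-slot cache, and a head that is overwritten with an un-reduced offset on each cache hit (`HfwCacheModel`, `kCacheSize` and `hitsUntilBadSlot` are hypothetical names). It goes slightly beyond the report by also modelling a variant that reduces the head modulo the cache size before storing it.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model (an assumption, not Qt source code): a fixed-size ring
// cache whose head counter is overwritten with an un-reduced offset on a hit.
constexpr int kCacheSize = 3;          // hypothetical cache capacity

template <typename Counter, bool ReduceOnStore>
struct HfwCacheModel {
    Counter first = 0;                 // stands in for q_firstCachedHfw

    // Slot a lookup at position i would read; negative means out of bounds.
    int slotFor(int i) const {
        int offset = first + i;        // stands in for the local `int offset`
        return offset % kCacheSize;    // % keeps the sign of a negative offset
    }

    // A hit at position i makes that entry the new head of the ring.
    void hit(int i) {
        int offset = first + i;
        if (ReduceOnStore)
            offset %= kCacheSize;      // hardened: stored head stays in [0, size)
        // Narrowing to a 16-bit type wraps modulo 2^16 (guaranteed since C++20,
        // and the behaviour of mainstream compilers before that).
        first = static_cast<Counter>(offset);
    }
};

// Replays `hits` cache hits at position 1 and returns the number of hits after
// which some lookup slot leaves [0, kCacheSize), or -1 if that never happens.
template <typename Counter, bool ReduceOnStore>
long hitsUntilBadSlot(long hits) {
    HfwCacheModel<Counter, ReduceOnStore> cache;
    for (long n = 1; n <= hits; ++n) {
        cache.hit(1);
        for (int i = 0; i < kCacheSize; ++i) {
            int slot = cache.slotFor(i);
            if (slot < 0 || slot >= kCacheSize)
                return n;
        }
    }
    return -1;
}

int main() {
    std::printf("int16_t head:          %ld\n", hitsUntilBadSlot<std::int16_t, false>(200000));
    std::printf("uint16_t head:         %ld\n", hitsUntilBadSlot<std::uint16_t, false>(200000));
    std::printf("int16_t, reduced head: %ld\n", hitsUntilBadSlot<std::int16_t, true>(200000));
    return 0;
}
```

In this model the signed counter produces a negative slot after 32768 hits, while the unsigned counter and the reduced head stay in range for the whole run.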