Qt / QTBUG-93840

ubsan: integer overflow on QRect::width()


Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 5.12.10
    • Wayland Compositor
    • None
    • All

    Description

      Build Qt with UBSan enabled.

      Launch the Wayland compositor examples.

      UBSan reports a sub overflow in qrect.h on this code:

      Q_DECL_CONSTEXPR inline int QRect::width() const Q_DECL_NOTHROW
      { return  x2 - x1 + 1; }
      
      

      The reason for the overflow is the following code in the file qwaylandsurface.cpp:

      static QRegion infiniteRegion() {
          return QRegion(QRect(QPoint(std::numeric_limits<int>::min(), std::numeric_limits<int>::min()),
                               QPoint(std::numeric_limits<int>::max(), std::numeric_limits<int>::max())));
      }
      
      

      As you can see, the width() function will calculate

      INT_MAX - INT_MIN + 1;

      This is a real overflow.

      I checked on master:

      https://code.qt.io/cgit/qt/qtwayland.git/tree/src/compositor/compositor_api/qwaylandsurface.cpp?h=dev

      It also has this issue.
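
Added example (not part of the original report and not Qt code): a stand-alone C++ model of the inclusive x1/x2 coordinates that computes the width in 64 bits, showing that the corners passed to infiniteRegion() give a width of 2^32, which a 32-bit int cannot hold. The Span struct and the wideWidth/checkedWidth helpers are hypothetical names, and int is assumed to be 32 bits.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for the x1/x2 members read by QRect::width().
struct Span {
    int x1;  // left edge (inclusive)
    int x2;  // right edge (inclusive)
};

// Exact width, computed in 64 bits so no intermediate value can overflow.
constexpr std::int64_t wideWidth(Span s)
{
    return static_cast<std::int64_t>(s.x2) - static_cast<std::int64_t>(s.x1) + 1;
}

// Stores the width in *out and returns true only when the exact value fits in int.
inline bool checkedWidth(Span s, int *out)
{
    const std::int64_t w = wideWidth(s);
    if (w < std::numeric_limits<int>::min() || w > std::numeric_limits<int>::max())
        return false;
    *out = static_cast<int>(w);
    return true;
}

int main()
{
    const int lo = std::numeric_limits<int>::min();
    const int hi = std::numeric_limits<int>::max();
    const Span cases[] = {
        {lo, hi},              // the corners used by infiniteRegion()
        {lo / 2, hi / 2},      // exact width is still INT_MAX + 1
        {lo / 2, hi / 2 - 1},  // widest span of this shape whose width fits
        {0, 99},               // ordinary rectangle
    };
    for (const Span &s : cases) {
        int w = 0;
        const bool fits = checkedWidth(s, &w);
        std::printf("[%d, %d] exact=%lld fits_int=%s\n", s.x1, s.x2,
                    static_cast<long long>(wideWidth(s)), fits ? "yes" : "no");
    }
    return 0;
}
```

Halving both corners is not enough on its own: because of the inclusive +1, the span from INT_MIN/2 to INT_MAX/2 still has a width one past INT_MAX.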


          People

            qt.team.graphics.and.multimedia Qt Graphics Team
            vasily_dybala Vasily Dybala