Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Not Evaluated
Fix Version/s: Qt Creator 15.0.0
Affects Version/s: Qt Creator 15.0.0
Component/s: Axivion
Labels:
None

Commits:
5d092d04e (15.0)

According to one of the Axivion-C++-Gurus, the code introduced when fixing ~~QTCREATORBUG-32012~~ is potentially harmful:

Andreas Loth: a colleague from out C++ analysis team told me this: another coll...
sent on November 14, 2024 4:37 PM

a colleague from our C++ analysis team told me this:

casting from double to int has undefined behavior in C++ if the value is out-of-range!

and I dimly remember a case where the compiler actually uses that UB to optimize out an integer array bound checks; resulting in an actual security issue

another colleague mentioned this as alternative:

QString::number(num,'f',num_decimal_places)

f format never uses exponent notation

I don't have enough C++-expertise to know how to do this properly, but the security issue mentioned would likely require a malicious dashboard server sending a double value in the JSON data that doesn't fit into a qint64.

relates to

QTCREATORBUG-32012 Higher Issue-Ids are displayed as floating point although they definitively should fit in an integer type

Closed

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Assignee:: Christian Stenger

Reporter:: Daniel Hofmann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 15 Nov '24 10:39

Updated:: 18 Nov '24 07:16

Resolved:: 18 Nov '24 07:16

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

Axivion: Fix undefined behavior: Gerrit Review:

Details

Description

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews