author Marc Mutz <marc.mutz@qt.io> 2022-07-20 22:06:36 +0200
committer Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2022-08-05 17:29:25 +0000
commit 8815d1eafb5b4ce4d520cf923e76755b640f6969
tree 58f8fd6bcc0ae0f3776c6fd4c58e3dac3b871dd1
parent 60c7fe6fb52d68db8f0b707dbf918860b4f90de3
Fix QString::vasprintf for strings > 2GiB

Both format strings > 2GiB, as well as result strings > 2Gi characters were affected by the append_utf8() helper function being left unported from int to qsizetype.

There were actually two bugs in that 5LOC function:

1. The len argument was an int, but the caller feeds a difference of pointers (even explicitly cast to qsizetype) to the function, so any stretch of verbatim text > 2GiB in the format would cause the output string to be corrupted.

2. If the result string was already > 2Gi characters in size, a call to append_utf8() would truncate it mod INT_MAX, because the string's size() was stored in an int variable and then used in a resize() call.

Task-number: QTBUG-103531
Change-Id: I0a09d27b7782093d3f8ea17bb621ff8dad375072
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit f73833809b87feb4046c7bdc1fedb3b3a14e80ec)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- src/corelib/text/qstring.cpp 4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp
index 4df6f582bb..0fffcf7289 100644
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@@ -6765,9 +6765,9 @@ QString QString::asprintf(const char *cformat, ...)
return s;
}
-static void append_utf8(QString &qs, const char *cs, int len)
+static void append_utf8(QString &qs, const char *cs, qsizetype len)
{
- const int oldSize = qs.size();
+ const qsizetype oldSize = qs.size();
qs.resize(oldSize + len);
const QChar *newEnd = QUtf8::convertToUnicode(qs.data() + oldSize, QByteArrayView(cs, len));
qs.resize(newEnd - qs.constData());
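Review bot: in append_utf8(), `qs.resize(oldSize + len)` still adds two signed qsizetype values with nothing stating that len must be non-negative or that the sum must fit, so the contract with the caller stays implicit. A `Q_ASSERT(len >= 0)` at the top of the function, or a one-line comment saying the caller passes a pointer difference within the format string, would document it. The diffstat also shows qstring.cpp as the only file changed, so neither of the two cases described in the commit message (verbatim text > 2GiB in the format, result already > 2Gi characters) gets a regression test here; a 64-bit-only autotest that skips when the large allocation fails would keep the int-to-qsizetype port from regressing.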