diff options
authorThiago Macieira <>2015-09-27 11:43:47 -0700
committerThiago Macieira <>2015-09-28 06:39:05 +0000
commit1a6ac8319313b6e024305397512513387afcafb8 (patch)
parente18554d4f7722b7fc5b576efb7ca429112789a05 (diff)
Ensure there's no sign-extension here.
Both e_shentsize and e_shtrndx are ELF half-words, which means C integers of rank less than int (they're quint16). That means this multiplcation was done actually as int, due to integer promotion from unsigned short. So preempt the integer promotion and force them to full- word integers (unsigned int). While the bit-pattern result of the multiplication is the same, the addition with e_shoff (a qelfoff_t = quintptr) wouldn't: the promotion from 32-bit int to 64-bit would first execute a sign-extension. Now, this shouldn't happen on regular ELF files, but it cause QLibrary to crash if a specially-crafted (or simply corrupt) plugin is found. Found by Coverity, CID 22642 Change-Id: I42e7ef1a481840699a8dffff1407e9f1282eeecf Reviewed-by: Olivier Goffart (Woboq GmbH) <>
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/plugin/qelfparser_p.cpp b/src/corelib/plugin/qelfparser_p.cpp
index d93be439e0..3798231383 100644
--- a/src/corelib/plugin/qelfparser_p.cpp
+++ b/src/corelib/plugin/qelfparser_p.cpp
@@ -148,7 +148,7 @@ int QElfParser::parse(const char *dataStart, ulong fdlen, const QString &library
ElfSectionHeader strtab;
- qulonglong soff = e_shoff + e_shentsize * (e_shtrndx);
+ qulonglong soff = e_shoff + qelfword_t(e_shentsize) * qelfword_t(e_shtrndx);
if ((soff + e_shentsize) > fdlen || soff % 4 || soff == 0) {
if (lib)