author Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> 2014-09-20 19:40:28 +0200
committer Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> 2014-10-03 13:31:14 +0200
commit 4adf5e1a9ef4fe78f4b70b7462943246903f4f11
tree 2e508df17bf188fbdc9be2a369ff8efb9daa7042
parent ae0a624e2fd92eb43b1ed7960a0f60ad5551869b
QTriangulator: fix a potential out of bounds access
primeForCount tries to calculate a rough base 2 logarithm of the argument, in order to access the array of deltas between primes. However, the usage of an arithmetic shift instead of a logical shift could cause "high" to stay at 32 -- if the argument is INT_MAX, for instance, the condition of the if clause in the loop is always true. The loop would go this way:

* precond: low = 0, high = 32
* i = 0 : mid = 16, if TRUE, low = 16, high = 32
* i = 1 : mid = 24, if TRUE, low = 24, high = 32
* i = 2 : mid = 28, if TRUE, low = 28, high = 32
* i = 3 : mid = 30, if TRUE, low = 30, high = 32
* i = 4 : mid = 31, if TRUE, low = 31, high = 32

and hence the subsequent access of the 33rd position of the array (by passing index 32) is out of bounds.

Now the if at i = 4 is true because "1 << 31" is an arithmetic shift, not a logical one, and gives - (2^31) as result. Making it a logical shift fixes this (INT_MAX is 2^31-1, the shift gives 2^31, so the if is false).

Spotted by Coverity.

Change-Id: Ied89f4c87d603a209284e22c30f18a3e464d84fd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
-rw-r--r-- src/gui/opengl/qtriangulator.cpp 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gui/opengl/qtriangulator.cpp b/src/gui/opengl/qtriangulator.cpp
index 5a45117ce3..74b8f01985 100644
--- a/src/gui/opengl/qtriangulator.cpp
+++ b/src/gui/opengl/qtriangulator.cpp
@@ -457,7 +457,7 @@ static inline int primeForCount(int count)
int high = 32;
for (int i = 0; i < 5; ++i) {
int mid = (high + low) / 2;
- if (count >= 1 << mid)
+ if (uint(count) >= (1u << mid))
low = mid;
else
high = mid;
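
Review bot: the `uint(count)` cast on the changed comparison turns any negative `count` into a value of at least 2^31, so `uint(count) >= (1u << mid)` is true on all five iterations and `high` still ends at 32, the index the commit message identifies as out of bounds. `primeForCount(int count)` takes a signed argument and nothing in this hunk excludes a negative value, so the fix covers INT_MAX but leaves the same path open for `count < 0`. Consider asserting `count >= 0` on entry (for example with Q_ASSERT) or clamping `high` to 31 after the loop, so that the table index cannot reach 32 whatever the input. A regression test that calls the function with INT_MAX and with a negative count would pin both cases down.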