summaryrefslogtreecommitdiffstats
path: root/src/corelib/tools
diff options
context:
space:
mode:
authorMarc Mutz <marc.mutz@kdab.com>2016-03-25 10:40:44 +0100
committerMarc Mutz <marc.mutz@kdab.com>2016-04-26 16:37:10 +0000
commita1e3a0daed6c056c3b957151605f0f277fd38d3c (patch)
treeaa7c2d9bd245fd7872af1ac7a9f6e5bf24b47c9a /src/corelib/tools
parent31c7b24aa5f57fbe8258c9e9845c8d630af4aec1 (diff)
QString: Fix UBs (signed overflow) in hashed string search
Similar change to 390ea21873cf229447c2dcaea85a40e472fab03c, but more extensive because the hash variables were not, yet, of unsigned type. This brings the three hashed string search algorithms in QtBase (in QString, QByteArray and QByteArrayMatcher) in line again. Found by UBSan, fixing the following bunch of errors: tools/qstring.cpp:3080:38: runtime error: left shift of negative value -1291179264 tools/qstring.cpp:3081:42: runtime error: left shift of negative value -1291179264 tools/qstring.cpp:3091:13: runtime error: left shift of 73 by 26 places cannot be represented in type 'int' tools/qstring.cpp:3091:13: runtime error: left shift of negative value -1255957171 tools/qstring.cpp:3091:13: runtime error: signed integer overflow: 1783052986 - -1207959552 cannot be represented in type 'int' tools/qstring.cpp:3097:37: runtime error: left shift of negative value -1298753576 tools/qstring.cpp:3098:41: runtime error: left shift of negative value -1298753576 tools/qstring.cpp:3107:13: runtime error: left shift of negative value -1508912760 tools/qstring.cpp:3158:38: runtime error: left shift of negative value -677037574 tools/qstring.cpp:3159:42: runtime error: left shift of negative value -677037574 tools/qstring.cpp:3169:13: runtime error: left shift of negative value -1657715810 tools/qstring.cpp:3173:38: runtime error: left shift of negative value -677037574 tools/qstring.cpp:3174:42: runtime error: left shift of negative value -677037574 tools/qstring.cpp:3183:13: runtime error: left shift of negative value -1657715810 Change-Id: I1436eb61369919df9fe34251f863dd54fb58af98 Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Diffstat (limited to 'src/corelib/tools')
-rw-r--r--src/corelib/tools/qstring.cpp14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/corelib/tools/qstring.cpp b/src/corelib/tools/qstring.cpp
index 983d1213d9..6bbaf05fef 100644
--- a/src/corelib/tools/qstring.cpp
+++ b/src/corelib/tools/qstring.cpp
@@ -705,8 +705,8 @@ static int findChar(const QChar *str, int len, QChar ch, int from,
}
#define REHASH(a) \
- if (sl_minus_1 < (int)sizeof(int) * CHAR_BIT) \
- hashHaystack -= (a) << sl_minus_1; \
+ if (sl_minus_1 < sizeof(uint) * CHAR_BIT) \
+ hashHaystack -= uint(a) << sl_minus_1; \
hashHaystack <<= 1
inline bool qIsUpper(char ch)
@@ -3072,8 +3072,9 @@ int qFindString(
const ushort *needle = (const ushort *)needle0;
const ushort *haystack = (const ushort *)haystack0 + from;
const ushort *end = (const ushort *)haystack0 + (l-sl);
- const int sl_minus_1 = sl-1;
- int hashNeedle = 0, hashHaystack = 0, idx;
+ const uint sl_minus_1 = sl - 1;
+ uint hashNeedle = 0, hashHaystack = 0;
+ int idx;
if (cs == Qt::CaseSensitive) {
for (idx = 0; idx < sl; ++idx) {
@@ -3148,10 +3149,11 @@ static int lastIndexOfHelper(const ushort *haystack, int from, const ushort *nee
const ushort *end = haystack;
haystack += from;
- const int sl_minus_1 = sl-1;
+ const uint sl_minus_1 = sl - 1;
const ushort *n = needle+sl_minus_1;
const ushort *h = haystack+sl_minus_1;
- int hashNeedle = 0, hashHaystack = 0, idx;
+ uint hashNeedle = 0, hashHaystack = 0;
+ int idx;
if (cs == Qt::CaseSensitive) {
for (idx = 0; idx < sl; ++idx) {