author | Marc Mutz <marc.mutz@kdab.com> | 2016-03-25 10:40:44 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2016-04-26 16:37:10 +0000 |
commit | a1e3a0daed6c056c3b957151605f0f277fd38d3c (patch) | |
tree | aa7c2d9bd245fd7872af1ac7a9f6e5bf24b47c9a /src/corelib | |
parent | 31c7b24aa5f57fbe8258c9e9845c8d630af4aec1 (diff) |
QString: Fix UBs (signed overflow) in hashed string search
Similar change to 390ea21873cf229447c2dcaea85a40e472fab03c, but more
extensive because the hash variables were not, yet, of unsigned type.
This brings the three hashed string search algorithms in QtBase (in
QString, QByteArray and QByteArrayMatcher) in line again.
Found by UBSan, fixing the following bunch of errors:
tools/qstring.cpp:3080:38: runtime error: left shift of negative value -1291179264
tools/qstring.cpp:3081:42: runtime error: left shift of negative value -1291179264
tools/qstring.cpp:3091:13: runtime error: left shift of 73 by 26 places cannot be represented in type 'int'
tools/qstring.cpp:3091:13: runtime error: left shift of negative value -1255957171
tools/qstring.cpp:3091:13: runtime error: signed integer overflow: 1783052986 - -1207959552 cannot be represented in type 'int'
tools/qstring.cpp:3097:37: runtime error: left shift of negative value -1298753576
tools/qstring.cpp:3098:41: runtime error: left shift of negative value -1298753576
tools/qstring.cpp:3107:13: runtime error: left shift of negative value -1508912760
tools/qstring.cpp:3158:38: runtime error: left shift of negative value -677037574
tools/qstring.cpp:3159:42: runtime error: left shift of negative value -677037574
tools/qstring.cpp:3169:13: runtime error: left shift of negative value -1657715810
tools/qstring.cpp:3173:38: runtime error: left shift of negative value -677037574
tools/qstring.cpp:3174:42: runtime error: left shift of negative value -677037574
tools/qstring.cpp:3183:13: runtime error: left shift of negative value -1657715810
Change-Id: I1436eb61369919df9fe34251f863dd54fb58af98
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Diffstat (limited to 'src/corelib')
-rw-r--r-- | src/corelib/tools/qstring.cpp | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/corelib/tools/qstring.cpp b/src/corelib/tools/qstring.cpp
index 983d1213d9..6bbaf05fef 100644
--- a/src/corelib/tools/qstring.cpp
+++ b/src/corelib/tools/qstring.cpp
@@ -705,8 +705,8 @@ static int findChar(const QChar *str, int len, QChar ch, int from,
 }
 #define REHASH(a) \
- if (sl_minus_1 < (int)sizeof(int) * CHAR_BIT) \
- hashHaystack -= (a) << sl_minus_1; \
+ if (sl_minus_1 < sizeof(uint) * CHAR_BIT) \
+ hashHaystack -= uint(a) << sl_minus_1; \
 hashHaystack <<= 1
 inline bool qIsUpper(char ch)
@@ -3072,8 +3072,9 @@ int qFindString(
 const ushort *needle = (const ushort *)needle0;
 const ushort *haystack = (const ushort *)haystack0 + from;
 const ushort *end = (const ushort *)haystack0 + (l-sl);
- const int sl_minus_1 = sl-1;
- int hashNeedle = 0, hashHaystack = 0, idx;
+ const uint sl_minus_1 = sl - 1;
+ uint hashNeedle = 0, hashHaystack = 0;
+ int idx;
 if (cs == Qt::CaseSensitive) {
 for (idx = 0; idx < sl; ++idx) {
@@ -3148,10 +3149,11 @@ static int lastIndexOfHelper(const ushort *haystack, int from, const ushort *nee
 const ushort *end = haystack;
 haystack += from;
- const int sl_minus_1 = sl-1;
+ const uint sl_minus_1 = sl - 1;
 const ushort *n = needle+sl_minus_1;
 const ushort *h = haystack+sl_minus_1;
- int hashNeedle = 0, hashHaystack = 0, idx;
+ uint hashNeedle = 0, hashHaystack = 0;
+ int idx;
 if (cs == Qt::CaseSensitive) {
 for (idx = 0; idx < sl; ++idx) {
 |
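Review bot: REHASH is only free of undefined behaviour when the expansion site declares both `sl_minus_1` and `hashHaystack` as unsigned, and nothing at the macro records that; the closing `hashHaystack <<= 1` is still a signed shift wherever the variable is an `int`. The expansion sites lie outside this hunk, so whether any exist besides the two functions changed below cannot be confirmed from here. A comment above the macro would state the contract, e.g. `// REHASH requires unsigned 'sl_minus_1' and 'hashHaystack' in scope; the hash relies on modular wrap-around`. As a style point, the body is a bare `if` followed by a second statement, so wrapping it in `do { ... } while (0)` would keep it intact under an unbraced `if`/`else` at a call site.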
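Review bot: Nothing at `uint hashNeedle = 0, hashHaystack = 0;` in qFindString says why these are unsigned, so a later tidy-up could fold them back into the `int idx` declaration and bring back the overflow UBSan reported. A one-line comment above the declaration would prevent that, e.g. `// unsigned on purpose: the rolling hash wraps modulo 2^N, which is UB for signed types`. The same comment fits the matching declaration in the lastIndexOfHelper hunk. qFindString's body begins and ends outside this hunk.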
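Review bot: `const uint sl_minus_1 = sl - 1;` in lastIndexOfHelper wraps to the maximum `uint` value when `sl` is 0, and the two context lines right after it add that value to `needle` and `haystack`, which forms pointers far outside either buffer (with the old `int` the offset was -1). Whether an empty needle can reach this function is not visible, since its body starts and ends outside the hunk and the callers are not shown. If it can, the empty case should be handled before the subtraction; if it cannot, stating the precondition next to the declaration, e.g. `Q_ASSERT(sl >= 1);`, would make that explicit. The same declaration in the qFindString hunk is not used in pointer arithmetic within the visible lines.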