From 75e8f6f41e0c436c257eec543684f5e8d47213f4 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Thu, 1 Nov 2018 15:44:41 -0700
Subject: QResource: catch signed integer overflow (just in case)

Change-Id: I343f2beed55440a7ac0bfffd156321748e4d6048
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
---
 src/corelib/io/qresource.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/corelib/io/qresource.cpp b/src/corelib/io/qresource.cpp
index 367cd78d65..b85bca8590 100644
--- a/src/corelib/io/qresource.cpp
+++ b/src/corelib/io/qresource.cpp
@@ -54,6 +54,7 @@
 #include <qplatformdefs.h>
 #include <qendian.h>
 #include "private/qabstractfileengine_p.h"
+#include "private/qnumeric_p.h"
 #include "private/qsimd_p.h"
 #include "private/qsystemerror_p.h"
 
@@ -1502,7 +1503,9 @@ uchar *QResourceFileEnginePrivate::map(qint64 offset, qint64 size, QFile::Memory
 {
     Q_Q(QResourceFileEngine);
     Q_UNUSED(flags);
-    if (offset < 0 || size <= 0 || !resource.isValid() || offset + size > resource.size()) {
+    qint64 end;
+    if (offset < 0 || size <= 0 || !resource.isValid() ||
+            add_overflow(offset, size, &end) || end > resource.size()) {
         q->setError(QFile::UnspecifiedError, QString());
         return 0;
     }
-- 
cgit v1.2.3