From de515e400828d096c83261bbbf35d57d65af8834 Mon Sep 17 00:00:00 2001
From: Marc Mutz
Date: Wed, 20 Jul 2022 22:21:12 +0200
Subject: Fix QString::arg() for format strings with a huge amount of placeholders QString::arg()s placeholders are limited to triple-digits, so 1000 different ones. By the same token, the length of any one of them is bounded to five (%L?\d{,3}). But the total possible length of escape sequences is _not_ 5000B, because there's no limit on the number of _equal_ placeholders, so a format string where the total escape sequence length exceeded 2Gi characters, e.g. QString("%L100").repeated(INT_MAX/5 + 1).arg(42); would produce corrupt data.
Task-number: QTBUG-103531
Change-Id: Id27ee02579387efcbb5928de1eb9acbeb9f954c9
Reviewed-by: Thiago Macieira
Reviewed-by: Edward Welbourne
(cherry picked from commit 15a80cf8a9d59203f8e2b436a5c804197c044807)
Reviewed-by: Qt Cherry-pick Bot
---
 src/corelib/text/qstring.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp
index fc6489bcee..65a0bed949 100644
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@@ -7941,7 +7941,7 @@ struct ArgEscapeData
 int occurrences; // number of occurrences of the lowest escape sequence number
 int locale_occurrences; // number of occurrences of the lowest escape sequence number that
 // contain 'L'
- int escape_len; // total length of escape sequences which will be replaced
+ qsizetype escape_len; // total length of escape sequences which will be replaced
 };
 static ArgEscapeData findArgEscapes(QStringView s)
--
cgit v1.2.3
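Review bot: The two counters above the changed field, `int occurrences` and `int locale_occurrences`, keep the narrow type that this commit removes from `escape_len`, so the struct still mixes `int` with `qsizetype` for quantities that all scale with the length of the format string. If findArgEscapes() increments them once per placeholder, a sufficiently long format string could overflow them (signed overflow is undefined behaviour), though that would need far more placeholders than the case in the commit message; declaring them as `qsizetype occurrences;` and `qsizetype locale_occurrences;` would close that. It is also worth confirming that every consumer of `escape_len` does its length arithmetic in `qsizetype`, since assigning it to an `int` local would reintroduce the truncation. Both the start of ArgEscapeData and the body of findArgEscapes() lie outside this hunk, so these points are inferred from the field comments rather than seen.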