From 755521aba6d63fc572b5b3ee43193ea24a2d5513 Mon Sep 17 00:00:00 2001
From: Andrew Smolko <andrewsmolko@gmail.com>
Date: Thu, 8 Nov 2018 18:18:55 +0300
Subject: Fix hang in QMacPasteboard::formats()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PasteboardGetItemCount() can return -1 as result to unsigned variable,
so the further loop will iterate "forever". Return early to avoid hang.

Change-Id: Ie91dba1c193d04513f0496d20bd0b6b0b5b6c151
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
---
 src/plugins/platforms/cocoa/qmacclipboard.mm | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

(limited to 'src/plugins/platforms/cocoa/qmacclipboard.mm')

diff --git a/src/plugins/platforms/cocoa/qmacclipboard.mm b/src/plugins/platforms/cocoa/qmacclipboard.mm
index f3467fdc73..3a39e32fb5 100644
--- a/src/plugins/platforms/cocoa/qmacclipboard.mm
+++ b/src/plugins/platforms/cocoa/qmacclipboard.mm
@@ -49,6 +49,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include "qcocoahelpers.h"
+#include <type_traits>
 
 QT_BEGIN_NAMESPACE
 
@@ -61,6 +62,23 @@ QT_BEGIN_NAMESPACE
    QMacPasteboard code
 *****************************************************************************/
 
+namespace
+{
+OSStatus PasteboardGetItemCountSafe(PasteboardRef paste, ItemCount *cnt)
+{
+    Q_ASSERT(paste);
+    Q_ASSERT(cnt);
+    const OSStatus result = PasteboardGetItemCount(paste, cnt);
+    // Despite being declared unsigned, this API can return -1
+    if (std::make_signed<ItemCount>::type(*cnt) < 0)
+        *cnt = 0;
+    return result;
+}
+} // namespace
+
+// Ensure we don't call the broken one later on
+#define PasteboardGetItemCount
+
 class QMacMimeData : public QMimeData
 {
 public:
@@ -210,7 +228,7 @@ QMacPasteboard::hasOSType(int c_flavor) const
     sync();
 
     ItemCount cnt = 0;
-    if (PasteboardGetItemCount(paste, &cnt) || !cnt)
+    if (PasteboardGetItemCountSafe(paste, &cnt) || !cnt)
         return false;
 
 #ifdef DEBUG_PASTEBOARD
@@ -257,7 +275,7 @@ QMacPasteboard::hasFlavor(QString c_flavor) const
     sync();
 
     ItemCount cnt = 0;
-    if (PasteboardGetItemCount(paste, &cnt) || !cnt)
+    if (PasteboardGetItemCountSafe(paste, &cnt) || !cnt)
         return false;
 
 #ifdef DEBUG_PASTEBOARD
@@ -374,7 +392,7 @@ QMacPasteboard::formats() const
 
     QStringList ret;
     ItemCount cnt = 0;
-    if (PasteboardGetItemCount(paste, &cnt) || !cnt)
+    if (PasteboardGetItemCountSafe(paste, &cnt) || !cnt)
         return ret;
 
 #ifdef DEBUG_PASTEBOARD
@@ -417,7 +435,7 @@ QMacPasteboard::hasFormat(const QString &format) const
     sync();
 
     ItemCount cnt = 0;
-    if (PasteboardGetItemCount(paste, &cnt) || !cnt)
+    if (PasteboardGetItemCountSafe(paste, &cnt) || !cnt)
         return false;
 
 #ifdef DEBUG_PASTEBOARD
@@ -460,7 +478,7 @@ QMacPasteboard::retrieveData(const QString &format, QVariant::Type) const
     sync();
 
     ItemCount cnt = 0;
-    if (PasteboardGetItemCount(paste, &cnt) || !cnt)
+    if (PasteboardGetItemCountSafe(paste, &cnt) || !cnt)
         return QByteArray();
 
 #ifdef DEBUG_PASTEBOARD
-- 
cgit v1.2.3