From afefed06952d5edd5c6be4376469b022975930cf Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Fri, 6 Jan 2017 07:38:50 +0100 Subject: QAndroidStyle: fix UB (signed integer overflow) in AndroidProgressBarControl::drawControl() The expression 'maximum - minimum' has undefined behavior when 'qint64(maximum) - minimum > INT_MAX'. Use 64-bit arithmetic instead. Also fix calculation of the progress when minimum != 0. Rename QStyleOptionProgressBar* variable to avoid line wraps. Change-Id: I1d48a7930e7f6d69798c2e878bb0045d55c2f057 Reviewed-by: David Faure --- src/widgets/styles/qandroidstyle.cpp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'src/widgets/styles') diff --git a/src/widgets/styles/qandroidstyle.cpp b/src/widgets/styles/qandroidstyle.cpp index b37dffbe80..110153d0f6 100644 --- a/src/widgets/styles/qandroidstyle.cpp +++ b/src/widgets/styles/qandroidstyle.cpp @@ -1606,15 +1606,14 @@ void QAndroidStyle::AndroidProgressBarControl::drawControl(const QStyleOption *o if (!m_progressDrawable) return; - if (const QStyleOptionProgressBar *progressBarOption = - qstyleoption_cast(option)) { + if (const QStyleOptionProgressBar *pb = qstyleoption_cast(option)) { if (m_progressDrawable->type() == QAndroidStyle::Layer) { - const double fraction = progressBarOption->progress / double(progressBarOption->maximum - progressBarOption->minimum); + const double fraction = double(qint64(pb->progress) - pb->minimum) / (qint64(pb->maximum) - pb->minimum); QAndroidStyle::AndroidDrawable *clipDrawable = static_cast(m_progressDrawable)->layer(m_progressId); if (clipDrawable->type() == QAndroidStyle::Clip) - static_cast(clipDrawable)->setFactor(fraction, progressBarOption->orientation); + static_cast(clipDrawable)->setFactor(fraction, pb->orientation); else - static_cast(m_progressDrawable)->setFactor(m_progressId, fraction, progressBarOption->orientation); + static_cast(m_progressDrawable)->setFactor(m_progressId, fraction, pb->orientation); } m_progressDrawable->draw(p, option); } -- cgit v1.2.3