From e4c6d73f925671a9c96558293472ed213861239c Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Mon, 14 Mar 2016 15:18:11 +0100 Subject: QRect: fix UB (int overflow) in center() QRect::center() should be defined for any QRect(x1,y1,x2,x2), INT_MIN <= x1, x2, y1, y2 <= INT_MAX because the average of two signed integers is always representable as a signed integer. But not when it's calculated as (x1+x2)/2, since that expression overflows when x1 > INT_MAX - x2. Instead of playing games with Hacker's Delight-style expressions, or use Google's patented algorithm, which requires two divisions, take advantage of the fact that int is not intmax_t and perform the calculation in the qint64 domain. The cast back to int is always well- defined since, as mentioned, the result is always representable in an int. Fix a test-case that expected a nonsensical result due to overflow. [ChangeLog][QtCore][QRect] Fixed integer overflow in center(). This fixes the result for some corner-cases like a 1x1 rectangle at (INT_MIN, INT_MIN), for which the previous implementation could return anything (due to invoking undefined behavior), but commonly returned (0, 0). Change-Id: I1a885ca6dff770327dd31655c3eb473fcfeb8878 Reviewed-by: Lars Knoll --- tests/auto/corelib/tools/qrect/tst_qrect.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/auto') diff --git a/tests/auto/corelib/tools/qrect/tst_qrect.cpp b/tests/auto/corelib/tools/qrect/tst_qrect.cpp index c6907dcac2..1377e801a7 100644 --- a/tests/auto/corelib/tools/qrect/tst_qrect.cpp +++ b/tests/auto/corelib/tools/qrect/tst_qrect.cpp @@ -2349,7 +2349,7 @@ void tst_QRect::center_data() QTest::newRow( "SmallestQRect" ) << getQRectCase( SmallestQRect ) << QPoint(1,1); QTest::newRow( "MiddleQRect" ) << getQRectCase( MiddleQRect ) << QPoint(0,0); QTest::newRow( "LargestQRect" ) << getQRectCase( LargestQRect ) << QPoint(INT_MAX/2,INT_MAX/2); - QTest::newRow( "SmallestCoordQRect" ) << getQRectCase( SmallestCoordQRect ) << QPoint(0,0); + QTest::newRow( "SmallestCoordQRect" ) << getQRectCase( SmallestCoordQRect ) << QPoint(INT_MIN, INT_MIN); QTest::newRow( "LargestCoordQRect" ) << getQRectCase( LargestCoordQRect ) << QPoint(0,0); QTest::newRow( "RandomQRect" ) << getQRectCase( RandomQRect ) << QPoint(105,207); QTest::newRow( "NegativeSizeQRect" ) << getQRectCase( NegativeSizeQRect ) << QPoint(-4,-4); -- cgit v1.2.3