QDateTime: prevent signed integer overflow

While the code checks for the possibility that leftMillis-rightMillis may overflow, it fails to take into account that the result may be minimal ("INT64_MIN", so to speak) and passes it to qAbs, triggering UB in there. Since it's just a range check and we don't need the result to be signed, use qUnsignedAbs. Change-Id: I7f1a4bbc521fdc164ca20fedf0e995359a67ea4d Pick-to: 6.9 6.8 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2025-01-28 03:11:58 +01:00 · 2025-01-28 03:11:58 +01:00 · 45e90b73c7
commit 45e90b73c7
parent 15154fa4c5
1 changed files with 3 additions and 3 deletions
--- a/src/corelib/time/qdatetime.cpp
+++ b/src/corelib/time/qdatetime.cpp
@ -3185,10 +3185,10 @@ static inline bool usesSameOffset(const QDateTimeData &a, const QDateTimeData &b
 */
 bool areFarEnoughApart(qint64 leftMillis, qint64 rightMillis)
 {
-    constexpr qint64 UtcOffsetMillisRange
-        = (QTimeZone::MaxUtcOffsetSecs - QTimeZone::MinUtcOffsetSecs) * MSECS_PER_SEC;
+    constexpr quint64 UtcOffsetMillisRange
+        = quint64(QTimeZone::MaxUtcOffsetSecs - QTimeZone::MinUtcOffsetSecs) * MSECS_PER_SEC;
    qint64 gap = 0;
-    return qSubOverflow(leftMillis, rightMillis, &gap) || qAbs(gap) > UtcOffsetMillisRange;
+    return qSubOverflow(leftMillis, rightMillis, &gap) || QtPrivate::qUnsignedAbs(gap) > UtcOffsetMillisRange;
 }

 // Refresh the LocalTime or TimeZone validity and offset