From 45e90b73c75b2c7997a0f8d750f9927f64e05a0e Mon Sep 17 00:00:00 2001
From: Giuseppe D'Angelo
Date: Tue, 28 Jan 2025 03:11:58 +0100
Subject: [PATCH] QDateTime: prevent signed integer overflow

While the code checks for the possibility that leftMillis-rightMillis may overflow, it fails to take into account that the result may be minimal ("INT64_MIN", so to speak) and passes it to qAbs, triggering UB in there. Since it's just a range check and we don't need the result to be signed, use qUnsignedAbs.

Change-Id: I7f1a4bbc521fdc164ca20fedf0e995359a67ea4d
Pick-to: 6.9 6.8
Reviewed-by: Thiago Macieira
Reviewed-by: Edward Welbourne
---
 src/corelib/time/qdatetime.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/corelib/time/qdatetime.cpp b/src/corelib/time/qdatetime.cpp
index f7523dc3856..6a11b101120 100644
--- a/src/corelib/time/qdatetime.cpp
+++ b/src/corelib/time/qdatetime.cpp
@@ -3185,10 +3185,10 @@ static inline bool usesSameOffset(const QDateTimeData &a, const QDateTimeData &b
 */
 bool areFarEnoughApart(qint64 leftMillis, qint64 rightMillis)
 {
- constexpr qint64 UtcOffsetMillisRange
- = (QTimeZone::MaxUtcOffsetSecs - QTimeZone::MinUtcOffsetSecs) * MSECS_PER_SEC;
+ constexpr quint64 UtcOffsetMillisRange
+ = quint64(QTimeZone::MaxUtcOffsetSecs - QTimeZone::MinUtcOffsetSecs) * MSECS_PER_SEC;
 qint64 gap = 0;
- return qSubOverflow(leftMillis, rightMillis, &gap) || qAbs(gap) > UtcOffsetMillisRange;
+ return qSubOverflow(leftMillis, rightMillis, &gap) || QtPrivate::qUnsignedAbs(gap) > UtcOffsetMillisRange;
 }

 // Refresh the LocalTime or TimeZone validity and offset
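Review bot: The reason the new return line in areFarEnoughApart calls `QtPrivate::qUnsignedAbs(gap)` instead of `qAbs(gap)` is recorded only in the commit message, so a later cleanup could restore the signed call and bring the undefined behaviour back. A comment above the return would keep the rationale in the code, for example `// gap may be the minimum qint64, whose qAbs() overflows; compare magnitudes as unsigned.` The diffstat lists only qdatetime.cpp, so no regression test seems to accompany the fix. A case where leftMillis - rightMillis is exactly the minimum qint64 without qSubOverflow reporting overflow (constructed example: leftMillis = -1, rightMillis = the maximum qint64), run under a UB sanitizer, would pin it. The doc comment closed by `*/` at the top of the hunk starts outside it.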