Fix QString::vasprintf for strings > 2GiB

Both format strings > 2GiB, as well as result strings > 2Gi characters were affected by the append_utf8() helper function being left unported from int to qsizetype. There were actually two bugs in that 5LOC function: 1. The len argument was an int, but the caller feeds a difference of pointers (even explicitly cast to qsizetype) to the function, so any stretch of verbatim text > 2GiB in the format would cause the output string to be corrupted. 2. If the result string was already > 2Gi characters in size, a call to append_utf8() would truncate it mod INT_MAX, because the string's size() was stored in an int variable and the used in a resize() call. Task-number: QTBUG-103531 Change-Id: I0a09d27b7782093d3f8ea17bb621ff8dad375072 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit f73833809b87feb4046c7bdc1fedb3b3a14e80ec) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2022-07-20 22:06:36 +02:00 · 2022-07-20 22:06:36 +02:00 · 4c5533bba3
commit 4c5533bba3
parent 0d69de55c3
1 changed files with 2 additions and 2 deletions
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@ -6720,9 +6720,9 @@ QString QString::asprintf(const char *cformat, ...)
    return s;
 }

-static void append_utf8(QString &qs, const char *cs, int len)
+static void append_utf8(QString &qs, const char *cs, qsizetype len)
 {
-    const int oldSize = qs.size();
+    const qsizetype oldSize = qs.size();
    qs.resize(oldSize + len);
    const QChar *newEnd = QUtf8::convertToUnicode(qs.data() + oldSize, QByteArrayView(cs, len));
    qs.resize(newEnd - qs.constData());