From 4c5533bba34cd0f102a1b6e6b07313ce3fcc0931 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Wed, 20 Jul 2022 22:06:36 +0200 Subject: [PATCH] Fix QString::vasprintf for strings > 2GiB Both format strings > 2GiB, as well as result strings > 2Gi characters were affected by the append_utf8() helper function being left unported from int to qsizetype. There were actually two bugs in that 5LOC function: 1. The len argument was an int, but the caller feeds a difference of pointers (even explicitly cast to qsizetype) to the function, so any stretch of verbatim text > 2GiB in the format would cause the output string to be corrupted. 2. If the result string was already > 2Gi characters in size, a call to append_utf8() would truncate it mod INT_MAX, because the string's size() was stored in an int variable and the used in a resize() call. Task-number: QTBUG-103531 Change-Id: I0a09d27b7782093d3f8ea17bb621ff8dad375072 Reviewed-by: Thiago Macieira Reviewed-by: Edward Welbourne (cherry picked from commit f73833809b87feb4046c7bdc1fedb3b3a14e80ec) Reviewed-by: Qt Cherry-pick Bot
---
 src/corelib/text/qstring.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp
index aa979981aff..55500bc526e 100644
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@@ -6720,9 +6720,9 @@ QString QString::asprintf(const char *cformat, ...)
     return s;
 }
 
-static void append_utf8(QString &qs, const char *cs, int len)
+static void append_utf8(QString &qs, const char *cs, qsizetype len)
 {
-    const int oldSize = qs.size();
+    const qsizetype oldSize = qs.size();
     qs.resize(oldSize + len);
     const QChar *newEnd = QUtf8::convertToUnicode(qs.data() + oldSize, QByteArrayView(cs, len));
     qs.resize(newEnd - qs.constData());
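Review bot: The widened `len` on the new `static void append_utf8(QString &qs, const char *cs, qsizetype len)` line is signed and still unchecked, so a negative value reaching `qs.resize(oldSize + len)` would silently shrink the string and then hand a negative length to `QByteArrayView(cs, len)`; a debug precondition `Q_ASSERT(len >= 0);` as the first statement of the body would document and catch that. The hunk also carries no comment on why the string is first grown to `oldSize + len` and then cut back to `newEnd - qs.constData()`; a one-line `// UTF-16 never needs more code units than UTF-8 has bytes, so oldSize + len is an upper bound; trim to what convertToUnicode actually wrote` above the first resize() would make the pair of calls self-explanatory. The closing brace of append_utf8 and its callers in vasprintf lie outside the hunk, so whether every caller already guarantees len >= 0 cannot be confirmed from here.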