QTriangulator: fix a potential out of bounds access
primeForCount tries to calculate a rough base 2 logarithm of the argument, in order to access the array of deltas between primes. However, the usage of an arithmetic shift instead of a logical shift could cause "high" to stay at 32 -- if the argument is INT_MAX, for instance, the condition of the if clause in the loop is always true. The loop would go this way: * precond: low = 0 , high = 32 * i = 0 : mid = 16, if TRUE, low = 16, high = 32 * i = 1 : mid = 24, if TRUE, low = 24, high = 32 * i = 2 : mid = 28, if TRUE, low = 28, high = 32 * i = 3 : mid = 30, if TRUE, low = 30, high = 32 * i = 4 : mid = 31, if TRUE, low = 31, high = 32 and hence the subsequent access of the 33rd position of the array (by passing index 32) is out of bounds. Now the if at i = 4 is true because "1 << 31" is an arithmetic shift, not a logical one, and gives - (2^31) as result. Making it a logical shift fixes this (INT_MAX is 2^31-1, the shift gives 2^31, so the if is false). Spotted by Coverity. Change-Id: Ied89f4c87d603a209284e22c30f18a3e464d84fd Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
This commit is contained in:
parent
ae0a624e2f
commit
4adf5e1a9e
@ -457,7 +457,7 @@ static inline int primeForCount(int count)
|
|||||||
int high = 32;
|
int high = 32;
|
||||||
for (int i = 0; i < 5; ++i) {
|
for (int i = 0; i < 5; ++i) {
|
||||||
int mid = (high + low) / 2;
|
int mid = (high + low) / 2;
|
||||||
if (count >= 1 << mid)
|
if (uint(count) >= (1u << mid))
|
||||||
low = mid;
|
low = mid;
|
||||||
else
|
else
|
||||||
high = mid;
|
high = mid;
|
||||||
|
Loading…
Reference in New Issue
Block a user