From ba741fd310214cd2524d939f647c429604bae79b Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Fri, 6 May 2022 00:31:43 +0200 Subject: [PATCH] QXmlStreamReader: port readBufferPos from int to qsizetype The variable represents an offset into the QString readBuffer data member. Given a QString with more than 2Gi of characters, the variable would overflow before we've consumed all of readBuffer's contents. Signed integer overflow is UB, so anything could happen. Task-number: QTBUG-102465 Pick-to: 6.3 6.2 Change-Id: I05d35a5e7f02f05462b318c86b17fdab7f1afec6 Reviewed-by: Thiago Macieira
---
 src/corelib/serialization/qxmlstream_p.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index 8713b322d4..b797fe830e 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -250,7 +250,7 @@ public:
 uchar firstByte;
 qint64 nbytesread;
 QString readBuffer;
- int readBufferPos;
+ qsizetype readBufferPos;
 QXmlStreamSimpleStack putStack;
 struct Entity {
 Entity() = default;
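Review bot: Only the declaration of `readBufferPos` is widened here, and the diffstat shows this header as the sole file touched, so any use elsewhere that copies the member into an `int` local, passes it to an `int` parameter, or computes with it in `int` would still truncate or overflow once `readBuffer` exceeds 2Gi characters. Those uses are not visible in this hunk, so it is worth confirming the implementation has no such narrowing, for example by building it with `-Wconversion` or clang's `-Wshorten-64-to-32`. A short comment on the member would help keep the type from regressing: `qsizetype readBufferPos; // index into readBuffer; must match QString's size type`. The enclosing class begins before and continues past this hunk.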