qCompress: use saturation, not truncation, for the size header

This provides a better size hint than the pseudo-random mod 4GiB
number used before. In particular, it will make the Qt 5
implementation fail fast, because UINT_MAX will be recognized as a
non-representable size right away.

Pick-to: 6.4 6.3 6.2
Task-number: QTBUG-104972
Change-Id: I6010f558eb71bbf02fb0f71bee1b3b1a15ec6e3f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

src/corelib/global/qnumeric_p.h

@@ -314,6 +314,36 @@ template <auto V2, typename T> bool mul_overflow(T v1, T *r)
 }
 #endif // Q_CLANG_QDOC
 
+/*
+    Safely narrows \a x to \c{To}. Let \c L be
+    \c{std::numeric_limit<To>::min()} and \c H be \c{std::numeric_limit<To>::max()}.
+
+    If \a x is less than L, returns L. If \a x is greater than H,
+    returns H. Otherwise, returns \c{To(x)}.
+*/
+template <typename To, typename From>
+static auto qt_saturate(From x)
+{
+    static_assert(std::is_integral_v<To>);
+    static_assert(std::is_integral_v<From>);
+
+    [[maybe_unused]]
+    constexpr auto Lo = (std::numeric_limits<To>::min)();
+    constexpr auto Hi = (std::numeric_limits<To>::max)();
+
+    if constexpr (std::is_signed_v<From> == std::is_signed_v<To>) {
+        return x < Lo  ? Lo :
+               x > Hi  ? Hi :
+               /*else*/  To(x);
+    } else {
+        if constexpr (std::is_signed_v<From>) { // ie. !is_signed_v<To>
+            if (x < From{0})
+                return To{0};
+        }
+        return x > Hi ? Hi : To(x);
+    }
+}
+
 QT_END_NAMESPACE
 
 #endif // QNUMERIC_P_H

src/corelib/text/qbytearray.cpp

@@ -603,7 +603,7 @@ QByteArray qCompress(const uchar* data, qsizetype nbytes, int compressionLevel)
         switch (res) {
         case Z_OK:
             bazip.resize(len + HeaderSize);
-            qToBigEndian(CompressSizeHint_t(nbytes), bazip.data());
+            qToBigEndian(qt_saturate<CompressSizeHint_t>(nbytes), bazip.data());
             break;
         case Z_MEM_ERROR:
             return tooMuchData(ZLibOp::Compression);