# HG changeset patch
# User Markus Mützel
# Date 1635699982 -3600
# Node ID de3275323dff344962e81a6082ab6934e9ca520e
# Parent 48198770412e376cad61cce15d55a2941cf04a1b
libqterminal: Avoid integer overflow in multiplication.
* libgui/qterminal/libqterminal/unix/BlockArray.cpp (moveBlock, BlockArray::increaseBuffer): Cast integer offset argument of fseek to long int before multiplication to avoid integer overflow. The overflow is very unlikely to happen and this is adopted code (not actually maintained). But it's an easy fix that doesn't clutter the code too much.
diff -r 48198770412e -r de3275323dff libgui/qterminal/libqterminal/unix/BlockArray.cpp
--- a/libgui/qterminal/libqterminal/unix/BlockArray.cpp Sun Oct 31 17:13:01 2021 +0100
+++ b/libgui/qterminal/libqterminal/unix/BlockArray.cpp Sun Oct 31 18:06:22 2021 +0100
@@ -208,14 +208,14 @@
 void moveBlock(FILE *fion, int cursor, int newpos, char *buffer2)
 {
- int res = fseek(fion, cursor * blocksize, SEEK_SET);
+ int res = fseek(fion, static_cast (cursor) * blocksize, SEEK_SET);
 if (res)
 perror("fseek");
 res = fread(buffer2, blocksize, 1, fion);
 if (res != 1)
 perror("fread");
- res = fseek(fion, newpos * blocksize, SEEK_SET);
+ res = fseek(fion, static_cast (newpos) * blocksize, SEEK_SET);
 if (res)
 perror("fseek");
 res = fwrite(buffer2, blocksize, 1, fion);
@@ -304,7 +304,7 @@
 {
 // free one block in chain
 int firstblock = (offset + i) % size;
- res = fseek(fion, firstblock * blocksize, SEEK_SET);
+ res = fseek(fion, static_cast (firstblock) * blocksize, SEEK_SET);
 if (res)
 perror("fseek");
 res = fread(buffer1, blocksize, 1, fion);
@@ -317,7 +317,7 @@
 newpos = (cursor - offset + size) % size;
 moveBlock(fion, cursor, newpos, buffer2);
 }
- res = fseek(fion, i * blocksize, SEEK_SET);
+ res = fseek(fion, static_cast (i) * blocksize, SEEK_SET);
 if (res)
 perror("fseek");
 res = fwrite(buffer1, blocksize, 1, fion);
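Review bot: The cast added to both `fseek` calls in `moveBlock` only prevents the overflow where `long` is wider than `int`; on ILP32 targets `long` is 32 bits, so `cursor * blocksize` and `newpos * blocksize` can still overflow and seek to an unintended offset in the history file. The cast's target type is not visible in this rendering (it reads `static_cast (cursor)`); the commit message says it is `long int`. Because `fseek` itself takes a `long`, the portable guard is a range check before each call, for example `if (cursor < 0 || cursor > LONG_MAX / blocksize) return;`, assuming `blocksize` is a positive integer, whose declaration is outside the hunk. The same applies to the `firstblock` and `i` seeks in the two `BlockArray::increaseBuffer` hunks, and `moveBlock`'s body continues past the end of this hunk.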
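Review bot: A failed `fseek` on `firstblock` is only reported through `perror`, and execution then falls through to `fread(buffer1, blocksize, 1, fion)`. The block is therefore read from wherever the stream was left, and the hunk at line 317 later writes `buffer1` back at slot `i`, so a bad offset silently corrupts the history file instead of stopping the operation. I would make the failure path leave the loop, e.g. `if (res) { perror("fseek"); break; }`, or return an error, depending on the cleanup the rest of `increaseBuffer` needs; that part of the function is outside the hunk. The two seeks in `moveBlock` fall through to `fread`/`fwrite` in the same way.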