We fixed the first line of defense in 03d1e81516be9af37fa08900f9a2d88d34abc4df, but that commit didn't rule out ndelta == INT_MIN, in which case -ndelta overflows a few lines below. Coverity pointed this out. Add a check that exposes this problem to ubsan, and avoid the overflow by using qMulOverflow<-1>()¹ and not scrolling when it overflows, but emitting a qWarning(). ¹ There's no qNegateOverflow()... When state == QHeaderViewPrivate::ResizeSection, we assume that everything happens on the actual screen, which has physical limits to the setOffset() argument, and therefore these arithmetic operations don't need to be protected. I fully expect that this will just be a rat's tail, one we can only hope to control by using Peppe's safe integers everywhere, at which point we've probably blown our executable code size out of any proportions. So leave it at this, for the time being. Amends 03d1e81516be9af37fa08900f9a2d88d34abc4df. Coverity-Id: 479557 Pick-to: 6.5 Change-Id: I2e31fc9be21e7d59563b67f3cd26c29dcea61b55 Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> (cherry picked from commit 49fcac99deea390901000a74deea1c0c690b6ae2) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit f98c49666a518df3ac182e1f4920b581d1a6bda7)