diff options
author | Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> | 2022-02-03 11:01:33 +0100 |
---|---|---|
committer | Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> | 2022-02-04 12:02:45 +0100 |
commit | 26a0638222933fc549f250333c28d0184205b704 (patch) | |
tree | 18c988711e953d533f10e8acb3d7f5aa7ee65f34 | |
parent | c984a9bf07d6290993794be196172475c641b2d8 (diff) | |
download | qtbase-26a0638222933fc549f250333c28d0184205b704.tar.gz |
Fix infinite loop in dash stroker
When the positions were large enough, we would get precision errors
with the floating point numbers.
We calculate the relative position:
dpos = pos + dashes[istart] - doffset - estart
and then later
pos = dpos + estart
If estart is a huge number (range of 10^18) and dashes[istart] is
a low number (10^1), then estart + dashes[istart] == estart and
the loop will never progress, dpos will be 0.
Since the loop should never iterate more than dashCount times
(since we cut away all full dash sequences before entering it),
we add a failsafe that exits the loop if it detects the error.
Fixes: QTBUG-99690
Pick-to: 5.15 6.2 6.3
Change-Id: Ia6a42f21b6b4c6adf5cdd703b6483750513a88ba
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
-rw-r--r-- | src/gui/painting/qstroker.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gui/painting/qstroker.cpp b/src/gui/painting/qstroker.cpp index 1fa63c3cb5..57c69e1389 100644 --- a/src/gui/painting/qstroker.cpp +++ b/src/gui/painting/qstroker.cpp @@ -1184,6 +1184,7 @@ void QDashStroker::processCurrentSubpath() // Check if the entire line should be clipped away or simplified bool clipIt = clipping && !lineIntersectsRect(prev, e, clip_tl, clip_br); bool skipDashing = elen * invSumLength > repetitionLimit(); + int maxDashes = dashCount; if (skipDashing || clipIt) { // Cut away full dash sequences. elen -= std::floor(elen * invSumLength) * sumLength; @@ -1198,7 +1199,7 @@ void QDashStroker::processCurrentSubpath() pos = estop; // move pos to next path element done = true; } else { // Dash is on this line - pos = dpos + estart; + pos = --maxDashes > 0 ? dpos + estart : estop; done = pos >= estop; if (++idash >= dashCount) idash = 0; |