diff options
author | Robert Loehning <robert.loehning@qt.io> | 2020-08-27 16:18:58 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2020-08-28 15:59:59 +0000 |
commit | 2d93e82c84d0a8afed94e1a45ebfd365db229b88 (patch) | |
tree | b7c8937d61b6d8f1d7192ecdf249e942aa72b089 | |
parent | 1ee0815f2ab99a94381ca3aa4e5f7369c0b9477a (diff) | |
download | qtbase-2d93e82c84d0a8afed94e1a45ebfd365db229b88.tar.gz |
QTextHtmlParserNode: Avoid extreme values for font's pixelsize
They currently cause an integer-overflow in variantHash().
Fixes: oss-fuzz-24702
Change-Id: Ibee4413ca766c8ade9aeff2f2052b82cb9f7d213
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 0bd770fb875d5391dd78df95542c25bd15051938)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/gui/text/qtexthtmlparser.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/gui/text/qtexthtmlparser.cpp b/src/gui/text/qtexthtmlparser.cpp index f003544391..d22fc3b913 100644 --- a/src/gui/text/qtexthtmlparser.cpp +++ b/src/gui/text/qtexthtmlparser.cpp @@ -1388,6 +1388,7 @@ void QTextHtmlParserNode::applyCssDeclarations(const QVector<QCss::Declaration> QFont f; int adjustment = -255; extractor.extractFont(&f, &adjustment); + f.setPixelSize(qMin(f.pixelSize(), INT32_MAX / 2)); // avoid even more extreme values charFormat.setFont(f, QTextCharFormat::FontPropertiesSpecifiedOnly); if (adjustment >= -1) |