diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2020-10-14 09:29:19 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2020-10-16 11:57:08 +0000 |
commit | 0afee2870bc4fef180106e80a361da2ef1e3d442 (patch) | |
tree | fcf500e3a4e5984640442cdc6a7488de7283ea05 | |
parent | 4491fd66db8e36204f6d36d0002897afd119bc80 (diff) | |
download | qtsvg-0afee2870bc4fef180106e80a361da2ef1e3d442.tar.gz |
Reject corrupt svgs with invalid size
Fixes oss-fuzz-24735.
Change-Id: I626905562d37b1e53bd346b13bd88894401818ca
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit fcbbc73a97fefacace630e83a5c6ee48fa8eec43)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/svg/qsvgrenderer.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/svg/qsvgrenderer.cpp b/src/svg/qsvgrenderer.cpp index d4ad373..635eb0a 100644 --- a/src/svg/qsvgrenderer.cpp +++ b/src/svg/qsvgrenderer.cpp @@ -314,6 +314,10 @@ static bool loadDocument(QSvgRenderer *const q, { delete d->render; d->render = QSvgTinyDocument::load(in); + if (d->render && !d->render->size().isValid()) { + delete d->render; + d->render = nullptr; + } if (d->render && d->render->animated() && d->fps > 0) { if (!d->timer) d->timer = new QTimer(q); |