Don't divide by zero

Fixes: oss-fuzz-23731
Change-Id: Ib21a32a30f7a204d263e6710f17567d91c6aae79
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit a7941a5b82e1b8397e9d5f20e5a68c8aac37fb51)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

2 files changed, 11 insertions, 0 deletions

diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index ab5f9ef..8f5ff0c 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -1529,6 +1529,9 @@ static void pathArc(QPainterPath &path,
                     qreal               y,
                     qreal curx, qreal cury)
 {
+    if (!rx || !ry)
+        return;
+
     qreal sin_th, cos_th;
     qreal a00, a01, a10, a11;
     qreal x0, y0, x1, y1, xc, yc;
diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
index 9ce5c78..efd80dd 100644
--- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
+++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
@@ -80,6 +80,7 @@ private slots:
     void smallFont();
     void styleSheet();
     void duplicateStyleId();
+    void oss_fuzz_23731();
 
 #ifndef QT_NO_COMPRESS
     void testGzLoading();
@@ -1527,5 +1528,12 @@ void tst_QSvgRenderer::duplicateStyleId()
     renderer.render(&painter);
 }
 
+void tst_QSvgRenderer::oss_fuzz_23731()
+{
+    // when configured with "-sanitize undefined", this resulted in:
+    // "runtime error: division by zero"
+    QSvgRenderer().load(QByteArray("<svg><path d=\"A4------\">"));
+}
+
 QTEST_MAIN(tst_QSvgRenderer)
 #include "tst_qsvgrenderer.moc"