authorRobert Löhning <robert.loehning@qt.io>2021-07-23 13:53:47 +0200
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2021-07-27 15:15:24 +0000
commit22388ac3075e6506dbeb42aa34d1207d43ad6af9 (patch)
tree06caf4d6d8888c5e13da3db2d74a9ccf531db51f
parent6de64d30d4ec51b3d1bc48a1f15424f3216eb42a (diff)
downloadqtsvg-22388ac3075e6506dbeb42aa34d1207d43ad6af9.tar.gz
Limit font size to avoid numerous overflows
The font size will be passed through a QFixed in QFontEngineBox::ascent() and overflow there as well as in further places. [ChangeLog] Avoid numerous overflows by limiting font size to 0xffff. This fixes oss-fuzz issue 31701. Change-Id: I2d00c5639804af9b056f0efc979e9899c5358cf7 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> (cherry picked from commit 76eeb072cdffc1a8c776ed01864e6751ccbfba85) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r--src/svg/qsvghandler.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index daf436e..e2c3c2c 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -1394,7 +1394,8 @@ static void parseFont(QSvgNode *node,
break;
case FontSizeValue: {
QSvgHandler::LengthType dummy; // should always be pixel size
- fontStyle->setSize(parseLength(attributes.fontSize, dummy, handler));
+ fontStyle->setSize(qMin(parseLength(attributes.fontSize, dummy, handler),
+ qreal(0xffff)));
}
break;
default:
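Review bot: The bound `qreal(0xffff)` in the new `setSize` call is an unexplained magic number; the reason it exists (the value later goes through a QFixed and overflows) lives only in the commit message, so the next reader of parseFont will not know why this particular limit was chosen or whether it can be raised. A named constant with a why-comment would carry that, e.g. `constexpr qreal maxFontSize = qreal(0xffff); // larger values overflow the QFixed used in QFontEngineBox::ascent()` placed above the case and used in the `qMin`. The clamp also only caps from above; if parseLength can return a negative value for a malformed attribute, that would still reach setSize unchanged — worth checking against parseLength, which is outside this hunk, and clamping with a lower bound of 0 if so. parseFont begins and ends outside the hunk.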