diff options
author | Volker Hilsheimer <volker.hilsheimer@qt.io> | 2020-07-09 10:36:26 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2020-07-17 09:44:16 +0000 |
commit | 45548ffe73f194501667a8cf982525c146e87285 (patch) | |
tree | a96a035c6e3184af72d2a675a742351e1d0aea7d | |
parent | 3e5226908cba0fc314c95bf7672f31443e3dee9f (diff) | |
download | qtsvg-45548ffe73f194501667a8cf982525c146e87285.tar.gz |
Don't divide by zero
Fixes: oss-fuzz-23731
Change-Id: Ib21a32a30f7a204d263e6710f17567d91c6aae79
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit a7941a5b82e1b8397e9d5f20e5a68c8aac37fb51)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/svg/qsvghandler.cpp | 3 | ||||
-rw-r--r-- | tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index 98a87e1..842af02 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -1533,6 +1533,9 @@ static void pathArc(QPainterPath &path, qreal y, qreal curx, qreal cury) { + if (!rx || !ry) + return; + qreal sin_th, cos_th; qreal a00, a01, a10, a11; qreal x0, y0, x1, y1, xc, yc; diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp index 686c854..f76a1b2 100644 --- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp +++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp @@ -82,6 +82,7 @@ private slots: void smallFont(); void styleSheet(); void duplicateStyleId(); + void oss_fuzz_23731(); #ifndef QT_NO_COMPRESS void testGzLoading(); @@ -1605,5 +1606,12 @@ void tst_QSvgRenderer::duplicateStyleId() renderer.render(&painter); } +void tst_QSvgRenderer::oss_fuzz_23731() +{ + // when configured with "-sanitize undefined", this resulted in: + // "runtime error: division by zero" + QSvgRenderer().load(QByteArray("<svg><path d=\"A4------\">")); +} + QTEST_MAIN(tst_QSvgRenderer) #include "tst_qsvgrenderer.moc" |