diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-07-02 16:09:30 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-07-12 10:20:17 +0000 |
commit | ea84510c9059809a8556c393d7c9d593c09e430e (patch) | |
tree | c0f7358f5d49fce131c0a85c9864398dae4595fa /src/svg | |
parent | dcec9ba7110f7e41524aa8ade083dfe1728fae10 (diff) | |
download | qtsvg-ea84510c9059809a8556c393d7c9d593c09e430e.tar.gz |
Fix parsing of animation clock values
Color animation duration parsing mixed seconds and milliseconds.
Factor out a common function for all clock value parsing, and
add checking for overflow and illegal values as a driveby..
Fixes: QTBUG-94878
Change-Id: Ie1d974cd2db55a3d65d7ce02c373021021070489
Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
(cherry picked from commit 1da0a668e52994832d8a048772bed65b61cb0e9b)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/svg')
-rw-r--r-- | src/svg/qsvghandler.cpp | 70 |
1 files changed, 35 insertions, 35 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index e554b47..65ec90f 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -2349,6 +2349,27 @@ static bool parseAnimateNode(QSvgNode *parent, return true; } +static int parseClockValue(QStringView str, bool *ok) +{ + int res = 0; + int ms = 1000; + str = str.trimmed(); + if (str.endsWith(QLatin1String("ms"))) { + str.chop(2); + ms = 1; + } else if (str.endsWith(QLatin1String("s"))) { + str.chop(1); + } + double val = ms * toDouble(str, ok); + if (ok) { + if (val > std::numeric_limits<int>::min() && val < std::numeric_limits<int>::max()) + res = static_cast<int>(val); + else + *ok = false; + } + return res; +} + static bool parseAnimateColorNode(QSvgNode *parent, const QXmlStreamAttributes &attributes, QSvgHandler *handler) @@ -2381,23 +2402,13 @@ static bool parseAnimateColorNode(QSvgNode *parent, } } - int ms = 1000; - beginStr = beginStr.trimmed(); - if (beginStr.endsWith(QLatin1String("ms"))) { - beginStr.chop(2); - ms = 1; - } else if (beginStr.endsWith(QLatin1String("s"))) { - beginStr.chop(1); - } - durStr = durStr.trimmed(); - if (durStr.endsWith(QLatin1String("ms"))) { - durStr.chop(2); - ms = 1; - } else if (durStr.endsWith(QLatin1String("s"))) { - durStr.chop(1); - } - int begin = static_cast<int>(toDouble(beginStr) * ms); - int end = static_cast<int>((toDouble(durStr) + begin) * ms); + bool ok = true; + int begin = parseClockValue(beginStr, &ok); + if (!ok) + return false; + int end = begin + parseClockValue(durStr, &ok); + if (!ok || end <= begin) + return false; QSvgAnimateColor *anim = new QSvgAnimateColor(begin, end, 0); anim->setArgs((targetStr == QLatin1String("fill")), colors); @@ -2487,24 +2498,13 @@ static bool parseAnimateTransformNode(QSvgNode *parent, } } - int ms = 1000; - beginStr = beginStr.trimmed(); - if (beginStr.endsWith(QLatin1String("ms"))) { - beginStr.chop(2); - ms = 1; - } else if (beginStr.endsWith(QLatin1String("s"))) { - beginStr.chop(1); - } - int begin = static_cast<int>(toDouble(beginStr) * ms); - durStr = durStr.trimmed(); - if (durStr.endsWith(QLatin1String("ms"))) { - durStr.chop(2); - ms = 1; - } else if (durStr.endsWith(QLatin1String("s"))) { - durStr.chop(1); - ms = 1000; - } - int end = static_cast<int>(toDouble(durStr)*ms) + begin; + bool ok = true; + int begin = parseClockValue(beginStr, &ok); + if (!ok) + return false; + int end = begin + parseClockValue(durStr, &ok); + if (!ok || end <= begin) + return false; QSvgAnimateTransform::TransformType type = QSvgAnimateTransform::Empty; if (typeStr == QLatin1String("translate")) { |