diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-07-07 10:09:58 +0200 |
---|---|---|
committer | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-07-14 10:24:38 +0200 |
commit | b313862fa04d9a5403c16670a0d911eb3c633ee5 (patch) | |
tree | 6089952bbf003365882a3a5f359a0ce3691a110d /src/svg | |
parent | b516143eb8103662912c9b807eb239909e6dde0b (diff) | |
download | qtsvg-b313862fa04d9a5403c16670a0d911eb3c633ee5.tar.gz |
Fix parsing of arc elements in paths
The arc element takes some flag parameters, which could be mixed up
with the float parameters since svg does not require delimiting
characters here. Hence legal svg would be misread..
Fixes: QTBUG-92184
Pick-to: 6.2 6.1 5.15
Change-Id: I5885c50d47e2e06ab0f02afefb7a5585c5c713ff
Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
Diffstat (limited to 'src/svg')
-rw-r--r-- | src/svg/qsvghandler.cpp | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index 65ec90f..2ad13b4 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -725,15 +725,25 @@ static QList<qreal> parseNumbersList(const QChar *&str) return points; } -static inline void parseNumbersArray(const QChar *&str, QVarLengthArray<qreal, 8> &points) +static inline void parseNumbersArray(const QChar *&str, QVarLengthArray<qreal, 8> &points, + const char *pattern = nullptr) { + const size_t patternLen = qstrlen(pattern); while (str->isSpace()) ++str; while (isDigit(str->unicode()) || *str == QLatin1Char('-') || *str == QLatin1Char('+') || *str == QLatin1Char('.')) { - points.append(toDouble(str)); + if (patternLen && pattern[points.size() % patternLen] == 'f') { + // flag expected, may only be 0 or 1 + if (*str != QLatin1Char('0') && *str != QLatin1Char('1')) + return; + points.append(*str == QLatin1Char('0') ? 0.0 : 1.0); + ++str; + } else { + points.append(toDouble(str)); + } while (str->isSpace()) ++str; @@ -1599,8 +1609,11 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) ++str; QChar endc = *end; *const_cast<QChar *>(end) = u'\0'; // parseNumbersArray requires 0-termination that QStringView cannot guarantee + const char *pattern = nullptr; + if (pathElem == QLatin1Char('a') || pathElem == QLatin1Char('A')) + pattern = "rrrffrr"; QVarLengthArray<qreal, 8> arg; - parseNumbersArray(str, arg); + parseNumbersArray(str, arg, pattern); *const_cast<QChar *>(end) = endc; if (pathElem == QLatin1Char('z') || pathElem == QLatin1Char('Z')) arg.append(0);//dummy |