diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2017-11-14 14:47:08 +0100 |
---|---|---|
committer | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2017-11-15 07:30:00 +0000 |
commit | 18a2adad907523ea31251ff0b62e3321241a40fa (patch) | |
tree | 406882094df55cbcd0d224c9fdd110d1e5886978 /src | |
parent | c4c9b60dc4bbe3c3837c80ea63682f3ef9403277 (diff) | |
download | qtsvg-18a2adad907523ea31251ff0b62e3321241a40fa.tar.gz |
Fix crash on recursive self-referral in <use> element
Referring to an ancestor in a <use> element would lead to endless
recursion. Add checks to avoid recursion, and also emit a warning
while parsing.
Task-number: QTBUG-64425
Change-Id: I9ee1b9bfef13796cc3f387ff8579c6b13bc4ae9a
Reviewed-by: Andy Shaw <andy.shaw@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/svg/qsvggraphics.cpp | 5 | ||||
-rw-r--r-- | src/svg/qsvghandler.cpp | 2 | ||||
-rw-r--r-- | src/svg/qsvgnode.cpp | 11 | ||||
-rw-r--r-- | src/svg/qsvgnode_p.h | 1 |
4 files changed, 18 insertions, 1 deletions
diff --git a/src/svg/qsvggraphics.cpp b/src/svg/qsvggraphics.cpp index b1047eb..5b273af 100644 --- a/src/svg/qsvggraphics.cpp +++ b/src/svg/qsvggraphics.cpp @@ -465,6 +465,9 @@ QSvgUse::QSvgUse(const QPointF &start, QSvgNode *parent, QSvgNode *node) void QSvgUse::draw(QPainter *p, QSvgExtraStates &states) { + if (Q_UNLIKELY(!m_link || isDescendantOf(m_link))) + return; + applyStyle(p, states); if (!m_start.isNull()) { @@ -553,7 +556,7 @@ QSvgNode::Type QSvgVideo::type() const QRectF QSvgUse::bounds(QPainter *p, QSvgExtraStates &states) const { QRectF bounds; - if (m_link) { + if (Q_LIKELY(m_link && !isDescendantOf(m_link))) { p->translate(m_start); bounds = m_link->transformedBounds(p, states); p->translate(-m_start); diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index 7841fa3..022afb6 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -3338,6 +3338,8 @@ static QSvgNode *createUseNode(QSvgNode *parent, if (group) { QSvgNode *link = group->scopeNode(linkId); if (link) { + if (parent->isDescendantOf(link)) + qCWarning(lcSvgHandler, "link #%s is recursive!", qPrintable(linkId)); QPointF pt; if (!xStr.isNull() || !yStr.isNull()) { QSvgHandler::LengthType type; diff --git a/src/svg/qsvgnode.cpp b/src/svg/qsvgnode.cpp index e504522..14aaea4 100644 --- a/src/svg/qsvgnode.cpp +++ b/src/svg/qsvgnode.cpp @@ -57,6 +57,17 @@ QSvgNode::~QSvgNode() } +bool QSvgNode::isDescendantOf(const QSvgNode *parent) const +{ + const QSvgNode *n = this; + while (n) { + if (n == parent) + return true; + n = n->m_parent; + } + return false; +} + void QSvgNode::appendStyleProperty(QSvgStyleProperty *prop, const QString &id) { //qDebug()<<"appending "<<prop->type()<< " ("<< id <<") "<<"to "<<this<<this->type(); diff --git a/src/svg/qsvgnode_p.h b/src/svg/qsvgnode_p.h index f9f6202..f2502e4 100644 --- a/src/svg/qsvgnode_p.h +++ b/src/svg/qsvgnode_p.h @@ -113,6 +113,7 @@ public: virtual void draw(QPainter *p, QSvgExtraStates &states) =0; QSvgNode *parent() const; + bool isDescendantOf(const QSvgNode *parent) const; void appendStyleProperty(QSvgStyleProperty *prop, const QString &id); void applyStyle(QPainter *p, QSvgExtraStates &states) const; |