Fix crash when parsing malformed url reference

The parsing did not check for end of input. Change-Id: I56a478877d242146395977b767511425d2b8ced1 Reviewed-by: Lars Knoll <lars.knoll@qt.io>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2018-07-09 10:45:22 +0200
committer: Lars Knoll <lars.knoll@qt.io> 2018-07-30 10:49:29 +0000
commit: 8c199714e9bc638fb3f6ec747fb7a23373e49335 (patch)
tree: 37d46783ebf5474b48a0e7bb84732e1820019424 /src
parent: 59c8f354644b6016c6e0ac45e60d821544c6d4d2 (diff)
download: qtsvg-8c199714e9bc638fb3f6ec747fb7a23373e49335.tar.gz
1 files changed, 6 insertions, 5 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 6d2e279..fe07d0e 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -774,16 +774,17 @@ static QVector<qreal> parsePercentageList(const QChar *&str)
 static QString idFromUrl(const QString &url)
 {
     QString::const_iterator itr = url.constBegin();
-    while ((*itr).isSpace())
+    QString::const_iterator end = url.constEnd();
+    while (itr != end && (*itr).isSpace())
         ++itr;
-    if ((*itr) == QLatin1Char('('))
+    if (itr != end && (*itr) == QLatin1Char('('))
         ++itr;
-    while ((*itr).isSpace())
+    while (itr != end && (*itr).isSpace())
         ++itr;
-    if ((*itr) == QLatin1Char('#'))
+    if (itr != end && (*itr) == QLatin1Char('#'))
         ++itr;
     QString id;
-    while ((*itr) != QLatin1Char(')')) {
+    while (itr != end && (*itr) != QLatin1Char(')')) {
         id += *itr;
         ++itr;
     }
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2018-07-09 10:45:22 +0200
committer	Lars Knoll <lars.knoll@qt.io>	2018-07-30 10:49:29 +0000
commit	8c199714e9bc638fb3f6ec747fb7a23373e49335 (patch)
tree	37d46783ebf5474b48a0e7bb84732e1820019424 /src
parent	59c8f354644b6016c6e0ac45e60d821544c6d4d2 (diff)
download	qtsvg-8c199714e9bc638fb3f6ec747fb7a23373e49335.tar.gz