Fix parsing of arc elements in paths

The arc element takes some flag parameters, which could be mixed up with the float parameters since svg does not require delimiting characters here. Hence legal svg would be misread.. Fixes: QTBUG-92184 Pick-to: 6.2 6.1 5.15 Change-Id: I5885c50d47e2e06ab0f02afefb7a5585c5c713ff Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2021-07-07 10:09:58 +0200
committer: Eirik Aavitsland <eirik.aavitsland@qt.io> 2021-07-14 10:24:38 +0200
commit: b313862fa04d9a5403c16670a0d911eb3c633ee5 (patch)
tree: 6089952bbf003365882a3a5f359a0ce3691a110d /src
parent: b516143eb8103662912c9b807eb239909e6dde0b (diff)
download: qtsvg-b313862fa04d9a5403c16670a0d911eb3c633ee5.tar.gz
1 files changed, 16 insertions, 3 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 65ec90f..2ad13b4 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -725,15 +725,25 @@ static QList<qreal> parseNumbersList(const QChar *&str)
     return points;
 }
 
-static inline void parseNumbersArray(const QChar *&str, QVarLengthArray<qreal, 8> &points)
+static inline void parseNumbersArray(const QChar *&str, QVarLengthArray<qreal, 8> &points,
+                                     const char *pattern = nullptr)
 {
+    const size_t patternLen = qstrlen(pattern);
     while (str->isSpace())
         ++str;
     while (isDigit(str->unicode()) ||
            *str == QLatin1Char('-') || *str == QLatin1Char('+') ||
            *str == QLatin1Char('.')) {
 
-        points.append(toDouble(str));
+        if (patternLen && pattern[points.size() % patternLen] == 'f') {
+            // flag expected, may only be 0 or 1
+            if (*str != QLatin1Char('0') && *str != QLatin1Char('1'))
+                return;
+            points.append(*str == QLatin1Char('0') ? 0.0 : 1.0);
+            ++str;
+        } else {
+            points.append(toDouble(str));
+        }
 
         while (str->isSpace())
             ++str;
@@ -1599,8 +1609,11 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
         ++str;
         QChar endc = *end;
         *const_cast<QChar *>(end) = u'\0'; // parseNumbersArray requires 0-termination that QStringView cannot guarantee
+        const char *pattern = nullptr;
+        if (pathElem == QLatin1Char('a') || pathElem == QLatin1Char('A'))
+            pattern = "rrrffrr";
         QVarLengthArray<qreal, 8> arg;
-        parseNumbersArray(str, arg);
+        parseNumbersArray(str, arg, pattern);
         *const_cast<QChar *>(end) = endc;
         if (pathElem == QLatin1Char('z') || pathElem == QLatin1Char('Z'))
             arg.append(0);//dummy
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2021-07-07 10:09:58 +0200
committer	Eirik Aavitsland <eirik.aavitsland@qt.io>	2021-07-14 10:24:38 +0200
commit	b313862fa04d9a5403c16670a0d911eb3c633ee5 (patch)
tree	6089952bbf003365882a3a5f359a0ce3691a110d /src
parent	b516143eb8103662912c9b807eb239909e6dde0b (diff)
download	qtsvg-b313862fa04d9a5403c16670a0d911eb3c633ee5.tar.gz