summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorEirik Aavitsland <eirik.aavitsland@qt.io>2020-10-14 09:29:19 +0200
committerRobert Loehning <robert.loehning@qt.io>2020-10-16 10:30:12 +0000
commitfcbbc73a97fefacace630e83a5c6ee48fa8eec43 (patch)
tree4570e6243228ca7f2fdf1179aeb20f618196dd3c /src
parent802d52c0ebe62aa05d369b72d92adfbf6ab25664 (diff)
downloadqtsvg-fcbbc73a97fefacace630e83a5c6ee48fa8eec43.tar.gz
Reject corrupt svgs with invalid size
Fixes oss-fuzz-24735. Pick-to: 5.15 5.12 Change-Id: I626905562d37b1e53bd346b13bd88894401818ca Reviewed-by: Robert Loehning <robert.loehning@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src')
-rw-r--r--src/svg/qsvgrenderer.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/svg/qsvgrenderer.cpp b/src/svg/qsvgrenderer.cpp
index 7cc7968..53e6ec7 100644
--- a/src/svg/qsvgrenderer.cpp
+++ b/src/svg/qsvgrenderer.cpp
@@ -350,6 +350,10 @@ static bool loadDocument(QSvgRenderer *const q,
{
delete d->render;
d->render = QSvgTinyDocument::load(in);
+ if (d->render && !d->render->size().isValid()) {
+ delete d->render;
+ d->render = nullptr;
+ }
if (d->render && d->render->animated() && d->fps > 0) {
if (!d->timer)
d->timer = new QTimer(q);