Diffstat (limited to 'tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp')
-rw-r--r--tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp45
1 files changed, 43 insertions, 2 deletions
diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
index 686c854..36c76ec 100644
--- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
+++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
@@ -74,6 +74,7 @@ private slots:
void fillRule();
void opacity();
void paths();
+ void paths2();
void displayMode();
void strokeInherit();
void testFillInheritance();
@@ -82,6 +83,9 @@ private slots:
void smallFont();
void styleSheet();
void duplicateStyleId();
+ void oss_fuzz_23731();
+ void oss_fuzz_24131();
+ void oss_fuzz_24738();
#ifndef QT_NO_COMPRESS
void testGzLoading();
@@ -836,10 +840,9 @@ void tst_QSvgRenderer::testGzHelper_data()
"cbcfe70200a865327e040000001f8b08001c2a934800034b4a2ce20200e9b3a20404000000"))
<< QByteArray("foo\nbar\n");
- // We should still get data of the first member if subsequent members are corrupt
QTest::newRow("corruptedSecondMember") << QByteArray::fromHex(QByteArray("1f8b08001c2a934800034b"
"cbcfe70200a865327e040000001f8c08001c2a934800034b4a2ce20200e9b3a20404000000"))
- << QByteArray("foo\n");
+ << QByteArray();
}
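Review bot: The `corruptedSecondMember` row now expects an empty `QByteArray()`, but the comment that explained the old expectation was removed without a replacement, so the reason for dropping the intact first member is not recorded. This looks like a deliberate choice to reject the whole stream when any member is corrupt; if so, a line above the row such as `// A corrupt member invalidates the whole stream: no partial data is returned` would stop a later reader from "fixing" the expectation back to `"foo\n"`. The body of testGzHelper_data starts outside this hunk.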
@@ -1045,6 +1048,19 @@ void tst_QSvgRenderer::paths()
}
}
+void tst_QSvgRenderer::paths2()
+{
+ const char *svg =
+ "<svg xmlns=\"http://www.w3.org/2000/svg\" width=\"16\" height=\"16\">"
+ "<path d=\"M 3 8 A 5 5 0 1013 8\" id=\"path1\"/>"
+ "</svg>";
+
+ QByteArray data(svg);
+ QSvgRenderer renderer(data);
+ QVERIFY(renderer.isValid());
+ QCOMPARE(renderer.boundsOnElement(QLatin1String("path1")).toRect(), QRect(3, 8, 10, 5));
+}
+
void tst_QSvgRenderer::displayMode()
{
static const char *svgs[] = {
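Review bot: `paths2()` does not say what it is testing, and the important detail in the path data `A 5 5 0 1013 8` is easy to miss: the arc flags and the x coordinate are written without separators. A comment above the SVG string would make that explicit, for example `// Arc flags may be packed: "1013" is large-arc=1, sweep=0, x=13`. The bounds check itself looks consistent with that reading. It may also be worth adding a second case with a flag followed directly by a sign or decimal point, if the parser is meant to accept those forms too.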
@@ -1605,5 +1621,30 @@ void tst_QSvgRenderer::duplicateStyleId()
renderer.render(&painter);
}
+void tst_QSvgRenderer::oss_fuzz_23731()
+{
+ // when configured with "-sanitize undefined", this resulted in:
+ // "runtime error: division by zero"
+ QSvgRenderer().load(QByteArray("<svg><path d=\"A4------\">"));
+}
+
+void tst_QSvgRenderer::oss_fuzz_24131()
+{
+ // when configured with "-sanitize undefined", this resulted in:
+ // "runtime error: -nan is outside the range of representable values of type 'int'"
+ // runtime error: signed integer overflow: -2147483648 + -2147483648 cannot be represented in type 'int'
+ QImage image(377, 233, QImage::Format_RGB32);
+ QPainter painter(&image);
+ QSvgRenderer renderer(QByteArray("<svg><path d=\"M- 4 44044404444E-334-\"/></svg>"));
+ renderer.render(&painter);
+}
+
+void tst_QSvgRenderer::oss_fuzz_24738()
+{
+ // when configured with "-sanitize undefined", this resulted in:
+ // "runtime error: division by zero"
+ QSvgRenderer().load(QByteArray("<svg><path d=\"a 2 1e-212.....\">"));
+}
+
QTEST_MAIN(tst_QSvgRenderer)
#include "tst_qsvgrenderer.moc"
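Review bot: The three `oss_fuzz_*` tests contain no assertions, so they only detect a regression when the build is configured with `-sanitize undefined`; in an ordinary build they pass unless the parser crashes outright. The comments should say this directly, for example `// No assertion: this only fails under -sanitize undefined (UBSan)`. In `oss_fuzz_23731` and `oss_fuzz_24738` the result of `load()` is discarded; if malformed path data is meant to be rejected or ignored in a defined way, checking that result would make these tests useful without a sanitizer. As a point of style, the second sanitizer message in `oss_fuzz_24131` is not quoted like the other messages.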