diff options
Diffstat (limited to 'tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp')
-rw-r--r-- | tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp index 686c854..36c76ec 100644 --- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp +++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp @@ -74,6 +74,7 @@ private slots: void fillRule(); void opacity(); void paths(); + void paths2(); void displayMode(); void strokeInherit(); void testFillInheritance(); @@ -82,6 +83,9 @@ private slots: void smallFont(); void styleSheet(); void duplicateStyleId(); + void oss_fuzz_23731(); + void oss_fuzz_24131(); + void oss_fuzz_24738(); #ifndef QT_NO_COMPRESS void testGzLoading(); @@ -836,10 +840,9 @@ void tst_QSvgRenderer::testGzHelper_data() "cbcfe70200a865327e040000001f8b08001c2a934800034b4a2ce20200e9b3a20404000000")) << QByteArray("foo\nbar\n"); - // We should still get data of the first member if subsequent members are corrupt QTest::newRow("corruptedSecondMember") << QByteArray::fromHex(QByteArray("1f8b08001c2a934800034b" "cbcfe70200a865327e040000001f8c08001c2a934800034b4a2ce20200e9b3a20404000000")) - << QByteArray("foo\n"); + << QByteArray(); } @@ -1045,6 +1048,19 @@ void tst_QSvgRenderer::paths() } } +void tst_QSvgRenderer::paths2() +{ + const char *svg = + "<svg xmlns=\"http://www.w3.org/2000/svg\" width=\"16\" height=\"16\">" + "<path d=\"M 3 8 A 5 5 0 1013 8\" id=\"path1\"/>" + "</svg>"; + + QByteArray data(svg); + QSvgRenderer renderer(data); + QVERIFY(renderer.isValid()); + QCOMPARE(renderer.boundsOnElement(QLatin1String("path1")).toRect(), QRect(3, 8, 10, 5)); +} + void tst_QSvgRenderer::displayMode() { static const char *svgs[] = { @@ -1605,5 +1621,30 @@ void tst_QSvgRenderer::duplicateStyleId() renderer.render(&painter); } +void tst_QSvgRenderer::oss_fuzz_23731() +{ + // when configured with "-sanitize undefined", this resulted in: + // "runtime error: division by zero" + QSvgRenderer().load(QByteArray("<svg><path d=\"A4------\">")); +} + +void tst_QSvgRenderer::oss_fuzz_24131() +{ + // when configured with "-sanitize undefined", this resulted in: + // "runtime error: -nan is outside the range of representable values of type 'int'" + // runtime error: signed integer overflow: -2147483648 + -2147483648 cannot be represented in type 'int' + QImage image(377, 233, QImage::Format_RGB32); + QPainter painter(&image); + QSvgRenderer renderer(QByteArray("<svg><path d=\"M- 4 44044404444E-334-\"/></svg>")); + renderer.render(&painter); +} + +void tst_QSvgRenderer::oss_fuzz_24738() +{ + // when configured with "-sanitize undefined", this resulted in: + // "runtime error: division by zero" + QSvgRenderer().load(QByteArray("<svg><path d=\"a 2 1e-212.....\">")); +} + QTEST_MAIN(tst_QSvgRenderer) #include "tst_qsvgrenderer.moc" |