Commit message | Author | Age | Files | Lines
* SVG Image reading: Reject oversize svgs as corrupt (v5.12.12, 5.12.12, 5.12) | Eirik Aavitsland | 2021-11-08 | 1 | -0/+2
|   Add an upper limit for height and width at 0xffff, same as jpeg.
|   Fixes: QTBUG-95891
|   Change-Id: I0dbc80dab3aab9b4743548772fb63fa69ea21f8a
|   Reviewed-by: Robert Löhning <robert.loehning@qt.io>
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   (cherry picked from commit e544d8e457d52b543cae5c988f81237c7d6608da)
|   Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
* Do stricter error checking when parsing path nodes | Eirik Aavitsland | 2021-10-27 | 1 | -34/+25
|   The SVG spec mandates that path parsing should terminate on the first error encountered, and an error be reported. To improve the handling of corrupt files, implement such error handling, and also limit the number of QPainterPath elements to a reasonable range.
|   Fixes: QTBUG-96044
|   Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   Reviewed-by: Robert Löhning <robert.loehning@qt.io>
|   (cherry picked from commit 36cfd9efb9b22b891adee9c48d30202289cfa620)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Bump version | Jani Heikkinen | 2021-10-04 | 1 | -1/+1
|   Change-Id: I9ed226106e18d56bcf6d6cdb8f956390afa20cd4
* Clamp parsed doubles to float representable values (v5.12.11, 5.12.11) | Allan Sandfeld Jensen | 2021-03-05 | 1 | -1/+4
|   Parts of our rendering assume incoming doubles can still be sane floats.
|   Fixes: QTBUG-91507
|   Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
|   Reviewed-by: Robert Löhning <robert.loehning@qt.io>
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|   (cherry picked from commit bfd6ee0d8cf34b63d32adf10ed93daa0086b359f)
* Improve handling of malformed numeric values in svg files | Eirik Aavitsland | 2020-12-08 | 1 | -0/+3
|   Catch cases where the input is not containable in a qreal, and avoid passing on inf values.
|   Change-Id: I1ab8932d94473916815385240c29e03afb0e0c9e
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   (cherry picked from commit 428d56da9d5ed9bda51f7cc3c144996fb3a6a285)
* Bump version | Jani Heikkinen | 2020-11-06 | 1 | -1/+1
|   Change-Id: I9444ca9dec9d2cf1898e61b1dbda53e1f28e600f
* Add changes file for Qt 5.12.10 | Antti Kokko | 2020-10-27 | 1 | -0/+46
|   Change-Id: I08a4c977fe1652853e79ea6ce53b071db72b6986
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   (cherry picked from commit 261ed79b966065f4ce398f1a701be6298dd49be9)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Allow loading SVG files with a doctype declaration | Nicolas Fella | 2020-10-21 | 2 | -6/+6
|   SVGs may have a DOCTYPE declaration (https://www.w3.org/TR/2003/REC-SVGMobile-20030114/) in their first line. This patch makes sure those SVGs are loaded properly.
|   Fixes: QTBUG-87583
|   Change-Id: Ia3dcb519b6ee2b498dc81ef496764d99ea6c4a9a
|   Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit 2f63ddc6afeb3d2c3c7a42add0129547acd61ede)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Reject corrupt svgs with invalid size | Eirik Aavitsland | 2020-10-16 | 1 | -0/+4
|   Fixes oss-fuzz-24735.
|   Change-Id: I626905562d37b1e53bd346b13bd88894401818ca
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   (cherry picked from commit fcbbc73a97fefacace630e83a5c6ee48fa8eec43)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Bump version | Jani Heikkinen | 2020-10-14 | 1 | -1/+1
|   Change-Id: Ib30b6329de983a7828adf8bee21416625bd7f4aa
* Change classification of XSVG License | Kai Koehne | 2020-09-07 | 1 | -2/+3
|   [ChangeLog][Third-Party Code] XSVG license was re-classified to HPND-sell-variant, "Historical Permission Notice and Disclaimer - sell variant"
|   https://spdx.org/licenses/HPND-sell-variant.html
|   Change-Id: Icff6d7f072f0d4b64bd1c5ce703c8c007184ad8a
|   Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|   (cherry picked from commit 8b7f3b4b6e6e2f1b6721af7ca6edeb83b3b3adf8)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Avoid recursion when inflating compressed svgs | Eirik Aavitsland | 2020-08-28 | 1 | -10/+17
|   Avoid the possibility of recursion loop for corrupt compressed files, and generally simplify the code, particularly the handling of the QT_NO_COMPRESS flag.
|   Change-Id: Ic21a4814a45c4303cc366152be65ae54fa973461
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|   (cherry picked from commit 3d67824828cf37a2357153e1c832b4cb06d3b485)
|   Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
* Implement basic format check also for compressed svgs | Eirik Aavitsland | 2020-08-27 | 1 | -6/+19
|   For uncompressed files, QSvgIOhandler::canRead() will reject any file that does not start out with a svg or xml tag. That rudimentary check was never done for compressed files (svgz).
|   Implement the check during the decompressing itself, so that we can fail early and not waste time and memory decompressing potentially huge files that are anyway not valid svgs.
|   Fixes: oss-fuzz-24611
|   Change-Id: I154efd8adafe7f09307e8b28a66b536539b1e4bd
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|   (cherry picked from commit 93466dad6613085a5044a862a3a84a4eba6fcef9)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Don't return partially inflated QByteArray | Robert Loehning | 2020-08-26 | 1 | -1/+1
|   We're already stopping the extraction because we're running out of memory. It's no use to return this provisional result.
|   Task-number: oss-fuzz-24611
|   Change-Id: Iea5a65a0f30b7a03c5405017c21cd9495a7c2971
|   Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|   (cherry picked from commit 103aace3b30ede9e5f5621e14542f5369eac749d)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Fix check against division by zero | Robert Loehning | 2020-08-19 | 2 | -4/+25
|   The squared values must not be zero. Since both are qreal, this can happen even when neither of them is zero itself.
|   Fixes: oss-fuzz-24738
|   Change-Id: I61b2bc891e7e3831d4b6ee68b467db28c4f877d4
|   Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|   (cherry picked from commit 7f1945c5fb492505db9a43853987eaf805291919)
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
* Use qFuzzyIsNull instead of isEmpty() on QRectF | Robert Loehning | 2020-08-06 | 1 | -1/+1
|   Avoids an integer overflow in QOutlineMapper
|   Fixes: oss-fuzz-24131
|   Change-Id: I77a280640df4971e440d3f8888d2e7036a1f2e6a
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   (cherry picked from commit 21ae1e161c933ffae38d42fe8191975d5ad8ee6e)
* Don't divide by zero | Robert Loehning | 2020-08-04 | 1 | -0/+2
|   Fixes: oss-fuzz-24308
|   Change-Id: I628f073cc2ec99b18333d2831c53cd888ebc5780
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   (cherry picked from commit 3206ab23a01ff19850ebdce6ac0338ddb29b5b95)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Avoid endless recursion in SvgStructureNode::bounds | Robert Loehning | 2020-07-30 | 2 | -2/+8
|   Fixes: oss-fuzz-24028
|   Change-Id: I2ddfcd494747f2857d56ce54bc9c4ee3f986ac3e
|   Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|   (cherry picked from commit 3f11586d79566c9ceb311c6c4a1ea12078deed5d)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Avoid endless recursion when inflating gzip | Robert Loehning | 2020-07-29 | 2 | -5/+6
|   Fixes: oss-fuzz-24146
|   Change-Id: I52a974e6a0694fb4afb50d932b2e99917c3034b2
|   Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|   (cherry picked from commit 8368111c76471a7415c29ba293848003fca2a4af)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Return nullptr instead of 0 | Robert Loehning | 2020-07-24 | 1 | -1/+1
|   Change-Id: I200214f90ce399034dabc61b00d20f7def8d923d
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit 0e1ea7b93388eca35814d3527584461074350f0f)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Don't divide by zero | Volker Hilsheimer | 2020-07-17 | 2 | -0/+11
|   Fixes: oss-fuzz-23731
|   Change-Id: Ib21a32a30f7a204d263e6710f17567d91c6aae79
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit a7941a5b82e1b8397e9d5f20e5a68c8aac37fb51)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Fix stack overflow in dtor of QSvgTinyDocument | Robert Loehning | 2020-07-15 | 1 | -1/+10
|   Add a maximum to how many unfinished elements will be parsed by QSvgHandler.
|   Fixes: oss-fuzz-24000
|   Change-Id: I4cea0500d2bc503d2c509d091300dd1117170299
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit 2fc2cb44b275c7c18c2db262eec443eb198b9cc6)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Add error handling to color parsing | Allan Sandfeld Jensen | 2020-06-23 | 1 | -19/+22
|   Also fixes undefined shift of negative values.
|   Fixes oss-fuzz 23644
|   Change-Id: I08c998ebf2217cb8dc50fcb805603e01e67ad64b
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit 9a0d4ff631003a84205c61bd7a6ef843207f1675)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Fix stack overflow in QSvgHandler::resolveGradients | Allan Sandfeld Jensen | 2020-06-23 | 2 | -5/+7
|   Add a maximum to how deep it will nest.
|   Fixes oss-fuzz 23643
|   Change-Id: I6183c04f65a539a6c7df42bc7346a86ee58aca6c
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit 6b86b5de893e9885f8288af5a096444b30fa2628)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Fix oom in QSvgTinyDocument::load | Allan Sandfeld Jensen | 2020-06-23 | 1 | -0/+6
|   Avoid overflowing the size integer.
|   Fixes oss-fuzz 23606
|   Change-Id: Iaae2c1e78e59737bba0e34791de4a3a92677f319
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit 99a86c1bc347092d76f1288d901b30643b8eea6c)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Use QRect::isEmpty instead of QRect::isNull | Allan Sandfeld Jensen | 2020-06-22 | 1 | -5/+5
|   Otherwise we can end up processing empty rects, and get divisions by zero.
|   Fixes oss-fuzz issue 23633.
|   Change-Id: I0415462712792cb6a00eadd510b1688e859c419c
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   (cherry picked from commit b5865df798323a63d8a89b8b50116888b930f3f0)
* Handle empty rects | Allan Sandfeld Jensen | 2020-06-22 | 1 | -10/+15
|   Avoids a division by zero, also we don't appear to support auto sizes, so width and height are required attributes.
|   Fixes oss-fuzz issue 23588.
|   Change-Id: Ib3474c2ed4409977f6ffcf73088956c6c59ce4ad
|   Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|   Reviewed-by: Robert Loehning <robert.loehning@qt.io>
|   (cherry picked from commit 78cbbc1aa3a4802b2eeec8b5abfe196e05df1b16)
|   Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Merge remote-tracking branch 'origin/5.12.9' into 5.12 | Qt Forward Merge Bot | 2020-06-17 | 1 | -0/+20
|\
| |   Change-Id: Id4862ab9ac11cca8c1e740828f0f95f282e0d6fd
| * Add changes file for Qt 5.12.9 (v5.12.9, 5.12.9) | Antti Kokko | 2020-06-04 | 1 | -0/+20
|/
|   + 3a677ae61f6ddcc7b3ab362d5a19d1831a1879df Bump version
|   Change-Id: I22be9ad8a075db83d9400fc45129563d01f89ee8
|   Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
* Bump version | Alexandru Croitor | 2020-04-22 | 1 | -1/+1
|   Change-Id: I30f06b3b4d337979372a9bed512e87b3440bf276
* Merge remote-tracking branch 'origin/5.12.8' into 5.12 | Qt Forward Merge Bot | 2020-04-14 | 1 | -0/+20
|\
| |   Change-Id: I2d7e031116a75656eba6d349c05ae3adfff45742
| * Add changes file for Qt 5.12.8 (v5.12.8, 5.12.8) | Antti Kokko | 2020-03-17 | 1 | -0/+20
|/
|   + 4dd2be689840eb22409fe720498956555525f5bf Bump version
|   Change-Id: Iacfbcd50e7f15d0ae36115e949707e478f0d26f6
|   Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
* Merge remote-tracking branch 'origin/5.12.7' into 5.12 | Qt Forward Merge Bot | 2020-01-31 | 1 | -0/+20
|\
| |   Change-Id: I1668334cd289bf8b028d05a21219e35a763e11ba
| * Add changes file for Qt 5.12.7 (v5.12.7, 5.12.7) | Antti Kokko | 2020-01-17 | 1 | -0/+20
| |   + a74c296d19bb80004d822a96ff9e653f1dee75f8 Bump version
| |   Change-Id: I30a4b994d4588227e1845fbb716fb63e63171fd8
| |   Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
* | Bump version | Alexandru Croitor | 2020-01-28 | 1 | -1/+1
|/
* Merge remote-tracking branch 'origin/5.12.6' into 5.12 | Qt Forward Merge Bot | 2020-01-07 | 1 | -0/+20
|\
| |   Change-Id: Ia8e969da07ed4f8a6b59c7e09fd7e8c63bad8c31
| * Add changes file for Qt 5.12.6 (v5.12.6, 5.12.6) | Antti Kokko | 2019-11-05 | 1 | -0/+20
| |   + c9d8296c069db1fce98221cecb443e2e631a2536 Bump version
| |   Change-Id: I9181048ac95cc413ea42323db8045f5aeed159ca
| |   Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
* | Bump version | Frederik Gladhorn | 2019-11-07 | 1 | -1/+1
|/
* Bump version | Frederik Gladhorn | 2019-10-30 | 1 | -1/+1
|
* Merge "Merge remote-tracking branch 'origin/5.12.5' into 5.12" | Qt Forward Merge Bot | 2019-09-07 | 1 | -0/+20
|\
| * Merge remote-tracking branch 'origin/5.12.5' into 5.12 | Qt Forward Merge Bot | 2019-09-07 | 1 | -0/+20
| |\
|/ /
| |   Change-Id: I97aca0fd9290c1295751fd618d0189014f2c732a
| * Add changes file for Qt 5.12.5 (v5.12.5, 5.12.5) | Antti Kokko | 2019-08-23 | 1 | -0/+20
|/
|   + b2f450146055360e6a25e80bc91753dd4d766bb1 Make QSvgGenerator test pass on Android
|   + b540b304a39739ce1d630eb7a93b91926d25cbde Android: Fix QSVGPlugin test
|   + 1cb4cd6e2d153bd1a4d53bfe4ccbeb6d8d269f55 Android: Skip QSVGRenderer test
|   + 347de1dd25366015e3fbbc39ccd1a16ecb18eb2e Bump version
|   Change-Id: Id2ea2664d0b9c350075673ce84c748939c2fe44a
|   Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
* Bump version | Frederik Gladhorn | 2019-07-01 | 1 | -1/+1
|   Change-Id: I278f4280b8d088393e639e77eb9a51527a9560dd
* Android: Skip QSVGRenderer test | Eskil Abrahamsen Blomfeldt | 2019-06-25 | 1 | -1/+2
|   These tests require access to local file system and are not written to be portable to remote devices. Since there is no real platform-dependency in this, testing them on other platforms is sufficient, so we will just skip it on Android rather than spend time on it.
|   Task-number: QTBUG-73624
|   Change-Id: Ic11b69d2eb73e0cd264b153c9870dd7923e1336d
|   Reviewed-by: BogDan Vatra <bogdan@kdab.com>
* Android: Fix QSVGPlugin test | Eskil Abrahamsen Blomfeldt | 2019-06-25 | 2 | -17/+17
|   Assets have to be included in the resources in order to be accessible when testing on a remote device.
|   Task-number: QTBUG-73625
|   Change-Id: I80332b6492bffc01c0157918b9e6abbc2b87a43b
|   Reviewed-by: BogDan Vatra <bogdan@kdab.com>
* Make QSvgGenerator test pass on Android | Eskil Abrahamsen Blomfeldt | 2019-05-14 | 2 | -2/+3
|   Platforms like Android require assets to be bundled with the app. We include the reference SVGs as resources to work around this.
|   Task-number: QTBUG-73623
|   Change-Id: Id9cc7a7d575da5adbe73a3392419fd74a1ec1bbd
|   Reviewed-by: BogDan Vatra <bogdan@kdab.com>
* Merge "Merge remote-tracking branch 'origin/5.12.4' into 5.12" | Qt Forward Merge Bot | 2019-06-17 | 2 | -1/+21
|\
| * Merge remote-tracking branch 'origin/5.12.4' into 5.12 | Qt Forward Merge Bot | 2019-06-17 | 2 | -1/+21
| |\
|/ /
| |   Change-Id: I695d5bc0c1f5d93f4880d0b687b36327a88497cf
| * Add changes file for Qt 5.12.4 (v5.12.4, 5.12.4) | Antti Kokko | 2019-05-23 | 1 | -0/+20
| |   Change-Id: Ia8f0e8cc9e7e8f072358b4c179e7aedafb7d67ba
| |   Reviewed-by: Frederik Gladhorn <frederik.gladhorn@qt.io>
| * Bump version | Frederik Gladhorn | 2019-05-23 | 1 | -1/+1
|/
|   Change-Id: I2cf60b8efe6070d6deaa1e2780a5bab7a710705a