From 1aadb618e89015fa27672b555a127dc6b726720c Mon Sep 17 00:00:00 2001
From: Robert Loehning
Date: Fri, 17 Jul 2020 16:50:08 +0200
Subject: Test rendering length which is fuzzy null
Change-Id: I1a21f70cc5ca2319d041c5db8900e69adcb9850d
Reviewed-by: Volker Hilsheimer
(cherry picked from commit 990bc88510a377532e3d16bede90965c043e22a0)
Reviewed-by: Qt Cherry-pick Bot
---
 tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
index c890a14..99e298b 100644
--- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
+++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
@@ -83,6 +83,7 @@ private slots:
 void styleSheet();
 void duplicateStyleId();
 void oss_fuzz_23731();
+ void oss_fuzz_24131();
 #ifndef QT_NO_COMPRESS
 void testGzLoading();
@@ -1612,5 +1613,16 @@ void tst_QSvgRenderer::oss_fuzz_23731()
 QSvgRenderer().load(QByteArray(""));
 }
+void tst_QSvgRenderer::oss_fuzz_24131()
+{
+ // when configured with "-sanitize undefined", this resulted in:
+ // "runtime error: -nan is outside the range of representable values of type 'int'"
+ // runtime error: signed integer overflow: -2147483648 + -2147483648 cannot be represented in type 'int'
+ QImage image(377, 233, QImage::Format_RGB32);
+ QPainter painter(&image);
+ QSvgRenderer renderer(QByteArray(""));
+ renderer.render(&painter);
+}
+
 QTEST_MAIN(tst_QSvgRenderer)
 #include "tst_qsvgrenderer.moc"
-- 
cgit v1.2.1
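Review bot: The new `oss_fuzz_24131` test has no `QVERIFY`/`QCOMPARE`, so it can only fail in a build configured with `-sanitize undefined` (or on an outright crash); in an ordinary build it passes even if the NaN-to-int conversion and the signed overflow quoted in its comment come back. Say so in the test body, e.g. `// No explicit check: only a UBSan build (-sanitize undefined) detects a regression here`, and confirm that a sanitizer-enabled configuration actually runs this test. As shown on this page the `QByteArray("")` literal handed to the renderer is empty, which is probably SVG markup lost when the page was rendered; if the committed literal really is empty, the fuzzer reproducer is missing and `render()` never reaches the length handling under test. The second quoted runtime error in the comment also lacks the quotation marks used on the first.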