From 2074f88aebd83147e7953ebb81c884926590e393 Mon Sep 17 00:00:00 2001
From: Robert Loehning <robert.loehning@qt.io>
Date: Wed, 15 Jul 2020 20:32:46 +0200
Subject: Avoid endless recursion in SvgStructureNode::bounds

Fixes: oss-fuzz-24028
Change-Id: I2ddfcd494747f2857d56ce54bc9c4ee3f986ac3e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 3f11586d79566c9ceb311c6c4a1ea12078deed5d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/svg/qsvgstructure.cpp | 9 +++++++--
 src/svg/qsvgstructure_p.h | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/svg/qsvgstructure.cpp b/src/svg/qsvgstructure.cpp
index 398cd5d..b89608b 100644
--- a/src/svg/qsvgstructure.cpp
+++ b/src/svg/qsvgstructure.cpp
@@ -47,6 +47,8 @@
 #include "qlocale.h"
 #include "qdebug.h"
 
+#include <qscopedvaluerollback.h>
+
 QT_BEGIN_NAMESPACE
 
 QSvgG::QSvgG(QSvgNode *parent)
@@ -356,8 +358,11 @@ void QSvgSwitch::init()
 QRectF QSvgStructureNode::bounds(QPainter *p, QSvgExtraStates &states) const
 {
     QRectF bounds;
-    for (QSvgNode *node : qAsConst(m_renderers))
-        bounds |= node->transformedBounds(p, states);
+    if (!m_recursing) {
+        QScopedValueRollback<bool> guard(m_recursing, true);
+        for (QSvgNode *node : qAsConst(m_renderers))
+            bounds |= node->transformedBounds(p, states);
+    }
     return bounds;
 }
 
diff --git a/src/svg/qsvgstructure_p.h b/src/svg/qsvgstructure_p.h
index b055364..6b69364 100644
--- a/src/svg/qsvgstructure_p.h
+++ b/src/svg/qsvgstructure_p.h
@@ -78,6 +78,7 @@ protected:
     QList<QSvgNode*>          m_renderers;
     QHash<QString, QSvgNode*> m_scope;
     QList<QSvgStructureNode*> m_linkedScopes;
+    mutable bool              m_recursing = false;
 };
 
 class Q_SVG_PRIVATE_EXPORT QSvgG : public QSvgStructureNode
-- 
cgit v1.2.1