From 73430f7a0393d6d148946ed4b1d2795af3374d9b Mon Sep 17 00:00:00 2001 From: Eirik Aavitsland Date: Thu, 27 Aug 2020 10:51:35 +0200 Subject: Avoid recursion when inflating compressed svgs Avoid the possibility of recursion loop for corrupt compressed files, and generally simplify the code, particularly the handling of the QT_NO_COMPRESS flag. Change-Id: Ic21a4814a45c4303cc366152be65ae54fa973461 Reviewed-by: Robert Loehning Reviewed-by: Thiago Macieira (cherry picked from commit 3d67824828cf37a2357153e1c832b4cb06d3b485) Reviewed-by: Qt Cherry-pick Bot --- src/svg/qsvgtinydocument.cpp | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/svg/qsvgtinydocument.cpp b/src/svg/qsvgtinydocument.cpp index 3bd0064..5956e35 100644 --- a/src/svg/qsvgtinydocument.cpp +++ b/src/svg/qsvgtinydocument.cpp @@ -181,6 +181,11 @@ static QByteArray qt_inflateSvgzDataFrom(QIODevice *device, bool doCheckContent) inflateEnd(&zlibStream); return destination; } +#else +static QByteArray qt_inflateSvgzDataFrom(QIODevice *) +{ + return QByteArray(); +} #endif QSvgTinyDocument * QSvgTinyDocument::load(const QString &fileName) @@ -192,12 +197,10 @@ QSvgTinyDocument * QSvgTinyDocument::load(const QString &fileName) return 0; } -#ifndef QT_NO_COMPRESS if (fileName.endsWith(QLatin1String(".svgz"), Qt::CaseInsensitive) || fileName.endsWith(QLatin1String(".svg.gz"), Qt::CaseInsensitive)) { return load(qt_inflateSvgzDataFrom(&file)); } -#endif QSvgTinyDocument *doc = 0; QSvgHandler handler(&file); 
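Review bot: The `#else` stub of `qt_inflateSvgzDataFrom` reports "no zlib support" only through a null `QByteArray`, and nothing in this hunk or in the now-unguarded `.svgz`/`.svg.gz` branch of `load(const QString &)` (the next hunk) says why loading failed. In a QT_NO_COMPRESS build, a compressed file now ends in a null document without a diagnostic, where previously that branch was compiled out and the file went straight to the handler. I would document the contract on the stub, for example `// Built without zlib: return a null array so callers fail closed on compressed input.`, and, if the file already has a logging category in scope (not visible here), emit a warning there so the failure can be diagnosed.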
@@ -214,19 +217,20 @@ QSvgTinyDocument * QSvgTinyDocument::load(const QString &fileName)
 QSvgTinyDocument * QSvgTinyDocument::load(const QByteArray &contents)
 {
-#ifndef QT_NO_COMPRESS
+ QByteArray svg;
 // Check for gzip magic number and inflate if appropriate
 if (contents.startsWith("\x1f\x8b")) {
- QBuffer buffer(const_cast(&contents));
- const QByteArray inflated = qt_inflateSvgzDataFrom(&buffer);
- if (inflated.isNull())
- return nullptr;
- return load(inflated);
+ QBuffer buffer;
+ buffer.setData(contents);
+ svg = qt_inflateSvgzDataFrom(&buffer);
+ } else {
+ svg = contents;
 }
-#endif
+ if (svg.isNull())
+ return nullptr;
 QBuffer buffer;
- buffer.setData(contents);
+ buffer.setData(svg);
 buffer.open(QIODevice::ReadOnly);
 QSvgHandler handler(&buffer);
-- cgit v1.2.1
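Review bot: The reason `load(const QByteArray &)` now inflates exactly once is recorded only in the commit message, so a later cleanup could reintroduce `return load(inflated)` and with it the unbounded recursion on gzip nested inside gzip. I would extend the existing comment above the magic-number check, for example `// Inflate at most once and never re-enter load(): nested gzip goes to the parser as-is, so corrupt input cannot recurse.` A regression test with a doubly-compressed payload would pin this, since the hunk only shows the inflated bytes going to `QSvgHandler` without a second magic check. As a smaller style point, the block-local `QBuffer buffer` and the later function-level `QBuffer buffer` hold different data under one name; renaming the inner one (say `compressed`) would make the two stages easier to tell apart. The function body continues past the end of this hunk.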