From 6f152f87dbbd47acc58458d636ce5d1cc181b8fd Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen
Date: Thu, 28 Feb 2019 11:20:27 +0100
Subject: Fix IRI parsing, and use after free
Make the parsing of IRI references tighter, and avoid freeing styles when inserting a duplicate id.
Fixes: QTBUG-74104
Change-Id: I3a12fcf09ce1c55c135a4209817413ed8af75dec
Reviewed-by: Robert Loehning
Reviewed-by: Eirik Aavitsland
---
 tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp | 39 +++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 10 deletions(-)
(limited to 'tests')
diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
index 553838e..5b359b9 100644
--- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
+++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
@@ -77,6 +77,7 @@ private slots:
 void testUseElement();
 void smallFont();
 void styleSheet();
+ void duplicateStyleId();
 #ifndef QT_NO_COMPRESS
 void testGzLoading();
@@ -139,22 +140,28 @@ void tst_QSvgRenderer::invalidUrl_data()
 {
 QTest::addColumn("svg");
- QTest::newRow("00") << QByteArray("");
- QTest::newRow("01") << QByteArray("");
- QTest::newRow("02") << QByteArray("");
- QTest::newRow("03") << QByteArray("");
- QTest::newRow("04") << QByteArray("");
- QTest::newRow("05") << QByteArray("");
- QTest::newRow("06") << QByteArray("");
- QTest::newRow("07") << QByteArray("");
- QTest::newRow("08") << QByteArray("");
- QTest::newRow("09") << QByteArray("");
+ QTest::newRow("01") << QByteArray("");
+ QTest::newRow("02") << QByteArray("");
+ QTest::newRow("03") << QByteArray("");
+ QTest::newRow("04") << QByteArray("");
+ QTest::newRow("05") << QByteArray("");
+ QTest::newRow("06") << QByteArray("");
+ QTest::newRow("07") << QByteArray("");
+ QTest::newRow("08") << QByteArray("");
+ QTest::newRow("09") << QByteArray("");
+ QTest::newRow("10") << QByteArray("");
+ QTest::newRow("11") << QByteArray("");
+ QTest::newRow("12") << QByteArray("");
+ QTest::newRow("13") << QByteArray("");
 }
 void tst_QSvgRenderer::invalidUrl()
 {
 QFETCH(QByteArray, svg);
+#if QT_CONFIG(regularexpression)
+ QTest::ignoreMessage(QtWarningMsg, QRegularExpression("Could not resolve property"));
+#endif
 QSvgRenderer renderer(svg);
 QVERIFY(renderer.isValid());
 }
@@ -1459,5 +1466,17 @@ void tst_QSvgRenderer::styleSheet()
 QCOMPARE(images[0], images[1]);
 }
+void tst_QSvgRenderer::duplicateStyleId()
+{
+ QByteArray svg = QByteArrayLiteral(""
+ ""
+ "");
+ QTest::ignoreMessage(QtWarningMsg, "Duplicate unique style id: \"a\"");
+ QImage image(200, 200, QImage::Format_RGB32);
+ QPainter painter(&image);
+ QSvgRenderer renderer(svg);
+ renderer.render(&painter);
+}
+
 QTEST_MAIN(tst_QSvgRenderer)
 #include "tst_qsvgrenderer.moc"
--
cgit v1.2.1
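Review bot: In `invalidUrl()`, the added `QTest::ignoreMessage(QtWarningMsg, QRegularExpression("Could not resolve property"))` is an expectation as well as a filter: QTest fails a row in which the expected message never arrives, so each of rows 01–13 has to take the unresolved-reference path, and nothing in the test says so. I would add a comment above the `#if`, e.g. `// Each row must trigger the "Could not resolve property" warning; ignoreMessage() fails the row otherwise.` The test also stops at `QVERIFY(renderer.isValid())` and never paints, so the tightened IRI parsing is covered at load time only; if a rejected reference must also not be followed while drawing, rendering into a small `QImage` as `duplicateStyleId()` does would cover that. With the `regularexpression` feature disabled the warning is neither filtered nor checked, which is worth knowing when reading CI output.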
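Review bot: `duplicateStyleId()` has no assertion of its own, so the use-after-free it guards against is detected only if the process crashes or the suite runs under ASan or Valgrind; a read of freed style memory can otherwise pass silently. I would say so in a comment at the top of the function, e.g. `// QTBUG-74104: inserting a duplicate style id must not free the style; only reliable under a memory checker.` If this document is expected to load, `QVERIFY(renderer.isValid());` before `renderer.render(&painter)` would make a parse failure visible instead of rendering nothing. The `ignoreMessage` with the exact text `Duplicate unique style id: "a"` does confirm that the duplicate-id branch was reached, which is worth keeping. The `QImage` is painted on without a `fill()`, which is harmless for this check but can add uninitialised-memory noise under Valgrind.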