author | Robert Löhning <robert.loehning@qt.io> | 2021-07-23 13:53:47 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-07-27 14:45:24 +0000 |
commit | 77483e36ea7f57e818cfbbc2404499b95cd8d839 (patch) | |
tree | d1413fa7fc5a91e798b0201183ff0f2b8c5bb17b | |
parent | feed94bb336cdea2c3f1017b01775e85c5d8486e (diff) | |
download | qtsvg-77483e36ea7f57e818cfbbc2404499b95cd8d839.tar.gz |
Limit font size to avoid numerous overflows
The font size will be passed through a QFixed in
QFontEngineBox::ascent() and overflow there as well as in further places.
[ChangeLog] Avoid numerous overflows by limiting font size to 0xffff.
This fixes oss-fuzz issue 31701.
Change-Id: I2d00c5639804af9b056f0efc979e9899c5358cf7
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 76eeb072cdffc1a8c776ed01864e6751ccbfba85)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/svg/qsvghandler.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index 2ad13b4..f2757bd 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -1364,7 +1364,8 @@ static void parseFont(QSvgNode *node, break; case FontSizeValue: { QSvgHandler::LengthType dummy; // should always be pixel size - fontStyle->setSize(parseLength(attributes.fontSize, dummy, handler)); + fontStyle->setSize(qMin(parseLength(attributes.fontSize, dummy, handler), + qreal(0xffff))); } break; default: |
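Review bot: In the FontSizeValue case the new qMin(..., qreal(0xffff)) bounds only the upper side, so a large negative length returned by parseLength still reaches fontStyle->setSize() unclamped and may run into the same QFixed conversion the commit message describes. Consider bounding both ends (for example qBound with an explicit lower limit) or confirming that negative sizes are rejected before this point. The bare 0xffff literal would also be easier to maintain as a named constant with a one-line comment tying it to the QFixed range.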