- Bug
- Resolution: Done
- Not Evaluated
- None
- 4.7.1, 4.8.x
- None
- 004653e63b2c20f32750c54a609572329903d8be
QPainterPath can't handle NaNs inside coordinates, but instead of safely ignoring or aborting the operation, it shows a warning and keeps going with undefined behavior, sometimes leading to infinite loops, leaks or crashes (see the qtwebkit example below).
This is particularly bad when QPainterPath is used to render content from untrusted sources (web or user data). As an example, there's a qtwebkit bug where the browser crashes when a particular SVG is loaded: https://bugs.webkit.org/show_bug.cgi?id=51698.
Please note that "untrusted sources" doesn't apply only to network sources. This behavior can probably be exploited in applications such as file browsers with previews enabled.
I'm about to submit a merge request where QPainterPath ignores the operation (moveTo(), lineTo(), cubicTo(), quadTo(), arcTo(), addRect(), addEllipse() and operator>>()) if a NaN is found in the coordinates (instead of staying in an undefined state). It should be far safer than the current implementation.
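The following is an added example, not Qt's code and not the merge request described above. It is a toy path recorder in plain C++ (the `SafePath` class, `anyNaN()` and `nanPassesNaiveRangeCheck()` are all hypothetical names) that applies the same strategy the report proposes: every coordinate of an operation is checked with `std::isnan` before anything is stored, and an operation containing a NaN is dropped whole and counted rather than left half-applied. The last function shows why the check is needed at the boundary: ordered comparisons with NaN are always false, so a naive "is it inside the canvas?" range test written with `<` and `>` lets NaN through silently.

```cpp
#include <cmath>
#include <cstddef>
#include <initializer_list>
#include <vector>

// Added example, not Qt's own code: a toy path recorder that applies the
// strategy from the report (skip the whole operation when any coordinate is
// NaN) instead of storing the NaN and continuing in an undefined state.

struct Point {
    double x;
    double y;
};

// True if any value in the list is NaN. std::isnan is the portable check;
// (x != x) works too but is easier to misread.
bool anyNaN(std::initializer_list<double> coords) {
    for (double c : coords) {
        if (std::isnan(c)) {
            return true;
        }
    }
    return false;
}

class SafePath {
public:
    enum class Op { MoveTo, LineTo, CubicTo };
    struct Element {
        Op op;
        Point p;  // a cubic is stored as three elements: two control points, then the end point
    };

    // Each operation returns false and records nothing when a NaN is present,
    // so a caller feeding untrusted geometry (e.g. parsed SVG) can count or log rejections.
    bool moveTo(double x, double y) {
        if (anyNaN({x, y})) { return reject(); }
        elements_.push_back({Op::MoveTo, {x, y}});
        return true;
    }

    bool lineTo(double x, double y) {
        if (anyNaN({x, y})) { return reject(); }
        elements_.push_back({Op::LineTo, {x, y}});
        return true;
    }

    bool cubicTo(double c1x, double c1y, double c2x, double c2y, double ex, double ey) {
        // All six coordinates are checked before anything is stored, so a NaN in
        // a control point cannot leave a half-written segment behind.
        if (anyNaN({c1x, c1y, c2x, c2y, ex, ey})) { return reject(); }
        elements_.push_back({Op::CubicTo, {c1x, c1y}});
        elements_.push_back({Op::CubicTo, {c2x, c2y}});
        elements_.push_back({Op::CubicTo, {ex, ey}});
        return true;
    }

    std::size_t elementCount() const { return elements_.size(); }
    std::size_t rejectedCount() const { return rejected_; }

    // Width of the axis-aligned bounding box. The min/max tracking is only
    // trustworthy because construction guaranteed no NaN reached the list.
    double boundingWidth() const {
        if (elements_.empty()) return 0.0;
        double lo = elements_.front().p.x, hi = lo;
        for (const Element& e : elements_) {
            if (e.p.x < lo) lo = e.p.x;
            if (e.p.x > hi) hi = e.p.x;
        }
        return hi - lo;
    }

private:
    bool reject() {
        ++rejected_;
        return false;
    }
    std::vector<Element> elements_;
    std::size_t rejected_ = 0;
};

// Why the guard matters: every ordered comparison with NaN is false, so a
// canvas range check written with < and > reports NaN as "in range".
bool nanPassesNaiveRangeCheck(double lo, double hi) {
    const double v = std::nan("");
    const bool outOfRange = (v < lo) || (v > hi);  // both false for NaN
    return !outOfRange;                            // true: NaN slipped through
}

// Constructed sample input standing in for untrusted geometry: two valid
// segments, then a lineTo and a cubicTo carrying a NaN.
SafePath buildSampleUntrustedPath() {
    SafePath path;
    path.moveTo(0.0, 0.0);
    path.lineTo(10.0, 0.0);
    path.lineTo(std::nan(""), 5.0);              // skipped and counted
    path.cubicTo(1.0, 2.0, 3.0, std::nan(""), 5.0, 6.0);  // skipped and counted
    return path;
}

int main() {
    SafePath path = buildSampleUntrustedPath();
    return (path.elementCount() == 2 && path.rejectedCount() == 2) ? 0 : 1;
}
```

Rejections are counted rather than silently dropped so that a renderer handling untrusted input can surface them in logs; in a real path class the same pre-check would sit in front of every operation that accepts coordinates, including stream deserialization, so that no stored element can ever hold a NaN.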