Details
- Type: Bug
- Resolution: Done
- Priority: P1: Critical
- Version/s: 6.2.3, 6.4
- Environment: Ubuntu 20.04 LTS, clang 10.0.0
- Commits:
  - 1b5ab50692 (qt/qtsvg/dev)
  - 1b5ab50692 (qt/tqtc-qtsvg/dev)
  - 4a0c00f96c (qt/qtsvg/6.4)
  - 5a33f8f75b (qt/qtsvg/6.3)
  - 47156fcd7e (qt/tqtc-qtsvg/6.2)
  - cb9e1c92f9 (qt/tqtc-qtsvg/5.15)
  - 5a33f8f75b (qt/tqtc-qtsvg/6.3)
  - 4a0c00f96c (qt/tqtc-qtsvg/6.4)
Description
- Have a build of Qt including qtsvg configured with "-sanitize undefined".
- Use this to build the attached project, e.g.:
      qt-cmake /tmp/report/ && cmake --build .
- Run the resulting binary passing the attached input file as parameter, e.g.:
      ./report /tmp/report/45321.svg
You will see output like:
    qt.svg: Invalid path data; path truncated.
    /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/gui/kernel/../../corelib/global/qglobal.h:703:14: runtime error: -nan is outside the range of representable values of type 'int'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/gui/kernel/../../corelib/global/qglobal.h:703:14 in
    /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:81:16: runtime error: -nan is outside the range of representable values of type 'int'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:81:16 in
    /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:75:16: runtime error: -nan is outside the range of representable values of type 'int'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:75:16 in
    /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/corelib/tools/qrect.h:183:70: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/corelib/tools/qrect.h:183:70 in
This is a regression. Qt 6.2.2 does not show this warning.
Google's oss-fuzz found this as issue 45321. They will publish the details on June 6th.
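The sanitizer trace above reports two classes of undefined behaviour: a NaN converted to int (qglobal.h, qmath.h) and a signed overflow at -2147483648 - 1 in rect arithmetic (qrect.h). The following is an added example, not Qt's code and not the merged fix: it shows the flagged conversion pattern beside a range-checked one, and a transformed-bounds check that reports "not representable" instead of converting, using hypothetical Affine, Pt and IntRect types as stand-ins for the painter transform and Qt geometry classes.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <limits>
#include <optional>

// Hypothetical stand-ins for a painter's world matrix and geometry types (not Qt's own).
struct Affine { double m11, m12, m21, m22, dx, dy; };
struct Pt { double x, y; };
struct IntRect { int x, y, w, h; };

Affine scale(double s) { return {s, 0.0, 0.0, s, 0.0, 0.0}; }
Pt apply(const Affine& t, Pt p) {
    return {t.m11 * p.x + t.m21 * p.y + t.dx, t.m12 * p.x + t.m22 * p.y + t.dy};
}

// The flagged pattern: converting a NaN, infinite or out-of-int-range double to int is
// undefined behaviour (the qglobal.h/qmath.h reports above). Never called with such input here.
int unsafeRound(double v) { return static_cast<int>(std::round(v)); }

// Hardened form: reject non-finite values and anything outside int range before converting.
std::optional<int> safeRound(double v) {
    if (!std::isfinite(v)) return std::nullopt;
    const double r = std::round(v);  // std::round is safe on NaN/inf; the cast is not
    if (r < static_cast<double>(std::numeric_limits<int>::min()) ||
        r > static_cast<double>(std::numeric_limits<int>::max()))
        return std::nullopt;
    return static_cast<int>(r);
}

// Integer bounding box of rect (x, y, w, h) after transformation, or nullopt when it is not
// representable (the case where drawing must be skipped). Width and height are computed in
// 64 bits so an INT_MIN - 1 style overflow (the qrect.h report above) cannot happen.
std::optional<IntRect> transformedBounds(const Affine& t, double x, double y, double w, double h) {
    const Pt c[4] = {apply(t, {x, y}), apply(t, {x + w, y}), apply(t, {x, y + h}), apply(t, {x + w, y + h})};
    double minx = c[0].x, maxx = c[0].x, miny = c[0].y, maxy = c[0].y;
    for (const Pt& p : c) {
        if (!std::isfinite(p.x) || !std::isfinite(p.y)) return std::nullopt;  // std::min/max would hide NaN
        minx = std::min(minx, p.x); maxx = std::max(maxx, p.x);
        miny = std::min(miny, p.y); maxy = std::max(maxy, p.y);
    }
    const auto x1 = safeRound(minx), x2 = safeRound(maxx), y1 = safeRound(miny), y2 = safeRound(maxy);
    if (!x1 || !x2 || !y1 || !y2) return std::nullopt;
    const std::int64_t iw = std::int64_t(*x2) - *x1, ih = std::int64_t(*y2) - *y1;
    if (iw > std::numeric_limits<int>::max() || ih > std::numeric_limits<int>::max()) return std::nullopt;
    return IntRect{*x1, *y1, static_cast<int>(iw), static_cast<int>(ih)};
}
```

Under UBSan the unsafe pattern produces exactly the "outside the range of representable values" report shown above; the checked form turns the same inputs into a skipped draw.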
Issue Links
- relates to: QTBUG-105151 [REG 6.2.2 -> 6.2.3] fuzz: undefined behaviour in QRectF/QRect (status: Reported)
For Gerrit Dashboard: QTBUG-101698

# | Subject | Branch | Project | Status | CR | V
---|---|---|---|---|---|---
415266,2 | QPainter: Avoid undefined behavior for broken world matrix | dev | qt/qtbase | ABANDONED | -1 | 0
420496,5 | Avoid undefined behavior when painter transform goes oob | dev | qt/qtsvg | MERGED | +2 | 0
421768,2 | Avoid undefined behavior when painter transform goes oob | 6.4 | qt/qtsvg | MERGED | +2 | 0
421769,2 | Avoid undefined behavior when painter transform goes oob | 6.3 | qt/qtsvg | MERGED | +2 | 0
421771,2 | Avoid undefined behavior when painter transform goes oob | tqtc/lts-5.15 | qt/tqtc-qtsvg | MERGED | +2 | 0
421772,2 | Avoid undefined behavior when painter transform goes oob | tqtc/lts-6.2 | qt/tqtc-qtsvg | MERGED | +2 | 0