QTBUG-101698

[REG 6.2.2 -> 6.2.3] Integer overflow when loading svg image


Details

    • Commits: 1b5ab50692 (qt/qtsvg/dev) 1b5ab50692 (qt/tqtc-qtsvg/dev) 4a0c00f96c (qt/qtsvg/6.4) 5a33f8f75b (qt/qtsvg/6.3) 47156fcd7e (qt/tqtc-qtsvg/6.2) cb9e1c92f9 (qt/tqtc-qtsvg/5.15) 5a33f8f75b (qt/tqtc-qtsvg/6.3) 4a0c00f96c (qt/tqtc-qtsvg/6.4)

    Description

      1. Have a build of Qt including qtsvg configured with "-sanitize undefined".
      2. Use this to build the attached project, e.g.:
        qt-cmake /tmp/report/ && cmake --build .
        
      3. Run the resulting binary passing the attached input file as parameter, e.g.:
        ./report /tmp/report/45321.svg
        

        You will see output like:

        qt.svg: Invalid path data; path truncated.
        /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/gui/kernel/../../corelib/global/qglobal.h:703:14: runtime error: -nan is outside the range of representable values of type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/gui/kernel/../../corelib/global/qglobal.h:703:14 in 
        /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:81:16: runtime error: -nan is outside the range of representable values of type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:81:16 in 
        /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:75:16: runtime error: -nan is outside the range of representable values of type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/clang-10.0.0/qt-dev_03.04-base_svg-fubsan/qtbase/include/QtCore/../../../../../src/qt-dev_03.04-base_svg/qtbase/src/corelib/kernel/qmath.h:75:16 in 
        /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/corelib/tools/qrect.h:183:70: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_03.04-base_svg/qtbase/src/corelib/tools/qrect.h:183:70 in
        

      This is a regression. Qt 6.2.2 does not show this warning.
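The sanitizer findings above are one defect class seen at two points: a NaN coordinate reaches a double-to-int rounding helper (converting NaN or an out-of-range double to int is undefined behaviour), and an int rectangle computation then overflows. As an added illustration that is not Qt's code or its fix, the following C++ shows checked versions of both conversions; `checkedRound`, `checkedRightEdge` and `svgCoordToInt` are constructed names, and the `left + width - 1` shape is an assumption about the overflowing expression, not taken from qrect.h.

```cpp
#include <cmath>
#include <cstdio>
#include <cstdlib>
#include <initializer_list>
#include <limits>
#include <optional>
#include <string>

// Constructed example, not Qt's code. Checked double -> int rounding:
// converting NaN, +/-inf or an out-of-range value to int is undefined
// behaviour (the "-nan is outside the range" findings above), so such
// values are rejected instead of converted.
std::optional<int> checkedRound(double v) {
    if (std::isnan(v) || std::isinf(v))
        return std::nullopt;
    const double r = std::round(v);                 // half away from zero
    // int's limits convert exactly to double, so compare before narrowing.
    if (r < static_cast<double>(std::numeric_limits<int>::min()) ||
        r > static_cast<double>(std::numeric_limits<int>::max()))
        return std::nullopt;
    return static_cast<int>(r);
}

// Checked rectangle-edge arithmetic. Assumes the overflowing expression is
// of the shape left + width - 1 (an assumption, not taken from qrect.h):
// compute in a wider type and range-check before narrowing to int.
std::optional<int> checkedRightEdge(int left, int width) {
    const long long right = static_cast<long long>(left) + width - 1;
    if (right < std::numeric_limits<int>::min() ||
        right > std::numeric_limits<int>::max())
        return std::nullopt;
    return static_cast<int>(right);
}

// Parse one SVG coordinate token (constructed helper, not Qt's SVG parser)
// into an int pixel value. "1e999" parses to +inf and is rejected.
std::optional<int> svgCoordToInt(const std::string &text) {
    char *end = nullptr;
    const double v = std::strtod(text.c_str(), &end);
    if (end == text.c_str() || *end != '\0')        // no digits or trailing junk
        return std::nullopt;
    return checkedRound(v);
}

int main() {
    for (const char *tok : {"12.4", "-0.5", "1e999", "nan", "abc"}) {
        auto px = svgCoordToInt(tok);
        std::printf("%-6s -> %s\n", tok, px ? std::to_string(*px).c_str() : "rejected");
    }
    auto edge = checkedRightEdge(std::numeric_limits<int>::min(), 0);
    std::printf("INT_MIN + 0 - 1 -> %s\n", edge ? "ok" : "rejected (would overflow)");
    return 0;
}
```

Building this with `-fsanitize=undefined` produces no findings for any of the sample tokens, because the unrepresentable values never reach a narrowing conversion.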

      Google's oss-fuzz found this as issue 45321. They will publish the details on June 6th.

      Attachments

        1. 45321.svg
          4 kB
        2. CMakeLists.txt
          0.3 kB
        3. main.cpp
          0.2 kB

            People

              esabraha Eskil Abrahamsen Blomfeldt
              rlohning Robert Löhning