Qt / QTBUG-105151

[REG 6.2.2 -> 6.2.3] fuzz: undefined behaviour in QRectF/QRect

Details

    • Type: Bug
    • Resolution: Unresolved
    • Priority: P1: Critical
    • None
    • Affects Version/s: 6.2.3, 6.3.1, 6.4.0 Beta2
    • Component/s: SVG Support
    • Environment: KDE neon User - Plasma 5.25
    • Platform/s: Linux/X11

    Description

      Using a build of Qt with the UBSAN sanitizer enabled, the attached SVG file triggers undefined behaviour due to integer overflows occurring in several places in QRect and QRectF.

      The first one happens in QRectF::toAlignedRect while calculating the width and height of the rect. Once that one is fixed, the same issue is detected in the QRect constructors, as they perform the same arithmetic that is found in toAlignedRect.

      Google's oss-fuzz found this; see the oss-fuzz report. They will publish the details 90 days from now at the latest.

      The test case provided by QTBUG-103454 can be reused with the input from this report.
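      The overflow pattern described above, as an added illustration that is not Qt's code: constructed RectF/Rect stand-ins that perform the toAlignedRect-style edge arithmetic in 64 bits and saturate, plus checks a fuzz harness or assertion could use to flag inputs that would overflow the plain-int computation.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Constructed stand-ins for QRectF/QRect (not Qt's classes), reduced to the
// fields needed to show the width/height arithmetic the report describes.
struct RectF { double x, y, w, h; };
struct Rect  { int x, y, w, h; };

static constexpr int64_t kIntMin = std::numeric_limits<int>::min();
static constexpr int64_t kIntMax = std::numeric_limits<int>::max();

// Clamp a 64-bit value into int range instead of letting it wrap.
static int clampToInt(int64_t v) {
    return static_cast<int>(v < kIntMin ? kIntMin : (v > kIntMax ? kIntMax : v));
}

// Narrowing an out-of-range double to int is itself undefined behaviour,
// so saturate first; NaN maps to 0.
static int doubleToInt(double v) {
    if (std::isnan(v)) return 0;
    return static_cast<int>(std::fmin(std::fmax(v, double(kIntMin)), double(kIntMax)));
}

// Same pattern as a toAlignedRect: floor the left/top edge, ceil the
// right/bottom edge, then width = right - left. Near the int limits that
// subtraction overflows on plain int; int64 plus clamping keeps it defined.
Rect toAlignedRectSafe(const RectF& r) {
    const int x1 = doubleToInt(std::floor(r.x));
    const int y1 = doubleToInt(std::floor(r.y));
    const int x2 = doubleToInt(std::ceil(r.x + r.w));
    const int y2 = doubleToInt(std::ceil(r.y + r.h));
    return { x1, y1,
             clampToInt(int64_t(x2) - int64_t(x1)),
             clampToInt(int64_t(y2) - int64_t(y1)) };
}

// Fuzz-harness style check: would the plain-int width subtraction of the
// aligned edges overflow for this input?
bool alignedWidthOverflows(const RectF& r) {
    const int64_t w = int64_t(doubleToInt(std::ceil(r.x + r.w)))
                    - int64_t(doubleToInt(std::floor(r.x)));
    return w > kIntMax || w < kIntMin;
}

// The report says the QRect constructors repeat the same arithmetic; a
// constructor that stores right = x + w - 1 can be checked the same way.
bool rectEdgeOverflows(int x, int w) {
    const int64_t right = int64_t(x) + int64_t(w) - 1;
    return right > kIntMax || right < kIntMin;
}
```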

    People

      sgaist Samuel Gaist

    Gerrit Reviews

      There is 1 open Gerrit change