
[REG 6.2.2 -> 6.2.3] fuzz: undefined behaviour in QRectF/QRect


    • Type: Bug
    • Resolution: Unresolved
    • Priority: P1: Critical
    • Affects versions: 6.2.3, 6.3.1, 6.4.0 Beta2
    • Component: SVG Support
    • Environment: KDE neon User - Plasma 5.25
    • Platform: Linux/X11

Using a build of Qt with the UBSAN sanitizer enabled, the attached SVG file triggers undefined behaviour due to integer overflow in several places in QRect and QRectF.

The first overflow happens in QRectF::toAlignedRect while calculating the width and height of the rect. Once that one is fixed, the same issue is detected in the QRect constructors, since they perform the same arithmetic as toAlignedRect.

Google's oss-fuzz found this; see the oss-fuzz report. They will publish the details 90 days from now at the latest.

The test case provided by QTBUG-103454 can be reused with the input from this report.
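As an added illustration (not Qt's code), the unchecked float-to-int rect conversion pattern the report describes, beside a checked variant that refuses any input whose edges, width, height or far edge cannot be represented in an int. The `x + w - 1` far-edge form is an assumption about how the integer rect stores its right/bottom edge, not something the report states.

```cpp
#include <climits>
#include <cmath>
#include <cstdint>

struct IntRect { int x, y, w, h; };

// Unchecked conversion in the spirit of the bug: floor/ceil the edges, cast
// to int, subtract. With edges near +-2e9 the subtraction xmax - xmin (and the
// far-edge form x + w - 1, assumed here) overflows a signed int, which is UB.
IntRect toAlignedRectUnchecked(double x, double y, double w, double h)
{
    int xmin = int(std::floor(x)), xmax = int(std::ceil(x + w));
    int ymin = int(std::floor(y)), ymax = int(std::ceil(y + h));
    return IntRect{xmin, ymin, xmax - xmin, ymax - ymin};   // may overflow
}

// True if a finite double is within what an int can hold (converting an
// out-of-range double to int is itself UB, so this check comes first).
static bool fitsInt(double v)
{
    return std::isfinite(v) && v >= double(INT_MIN) && v <= double(INT_MAX);
}

// Checked conversion: all arithmetic in 64 bits, every intermediate that
// would be stored as int is range-checked. Returns false instead of UB.
bool toAlignedRectChecked(double x, double y, double w, double h, IntRect *out)
{
    double xminD = std::floor(x), xmaxD = std::ceil(x + w);
    double yminD = std::floor(y), ymaxD = std::ceil(y + h);
    if (!fitsInt(xminD) || !fitsInt(xmaxD) || !fitsInt(yminD) || !fitsInt(ymaxD))
        return false;                                   // edges (or NaN/inf)
    int64_t xmin = int64_t(xminD), xmax = int64_t(xmaxD);
    int64_t ymin = int64_t(yminD), ymax = int64_t(ymaxD);
    int64_t width = xmax - xmin, height = ymax - ymin;  // cannot overflow int64
    if (width > INT_MAX || height > INT_MAX)
        return false;                                   // first finding
    // Far edge as stored by an x + w - 1 style constructor (assumed layout).
    int64_t x2 = xmin + width - 1, y2 = ymin + height - 1;
    if (x2 < INT_MIN || x2 > INT_MAX || y2 < INT_MIN || y2 > INT_MAX)
        return false;                                   // second finding
    *out = IntRect{int(xmin), int(ymin), int(width), int(height)};
    return true;
}
```

The unchecked function is kept only for comparison; the checked one is what a UBSAN-clean conversion needs to do before handing values to int-based rect code.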

Assignee: Samuel Gaist (sgaist)
Reporter: Samuel Gaist (sgaist)
There is 1 open Gerrit change.