Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-107670

[REG 6.2.2 -> 6.2.3] Integer overflow in gui/painting when drawing svg image

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P2: Important P2: Important
    • 6.5.4, 6.6.0
    • 6.2.3, 6.5
    • SVG Support
    • Ubuntu 20.04 LTS
      clang 10.0.0
    • df6474955b7e661363b21d85dfa1cc3e46af515c

      1. Have a build of Qt including qtsvg configured with "-sanitize undefined".
      2. Use that to build the attached project. 
        qt-cmake /tmp/report/ && cmake --build .
      3. Run the resulting program and pass the input file. 
        ./report /tmp/report/50637.svg

        You will see output like: 

        /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59: runtime error: signed integer overflow: -772328716 * 6 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59 in

      Google's oss-fuzz found this as issue 50637. That report is public now because is was closed as false negative. Two days later, it was replaced by the equivalent 52383.

        1. main.cpp
          0.4 kB
        2. CMakeLists.txt
          0.3 kB
        3. 58951.svg
          0.2 kB
        4. 50637.svg
          2 kB
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            tvete Paul Olav Tvete
            rlohning Robert Löhning
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes