Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-107670

[REG 6.2.2 -> 6.2.3] Integer overflow in gui/painting when drawing svg image

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 6.2.3, 6.5
    • SVG Support
    • Ubuntu 20.04 LTS
      clang 10.0.0

    Description

      1. Have a build of Qt including qtsvg configured with "-sanitize undefined".
      2. Use that to build the attached project. 
        qt-cmake /tmp/report/ && cmake --build .
      3. Run the resulting program and pass the input file. 
        ./report /tmp/report/50637.svg

        You will see output like: 

        /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59: runtime error: signed integer overflow: -772328716 * 6 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59 in

      Google's oss-fuzz found this as issue 50637. That report is public now because is was closed as false negative. Two days later, it was replaced by the equivalent 52383.

      Attachments

        1. main.cpp
          0.4 kB
        2. CMakeLists.txt
          0.3 kB
        3. 58951.svg
          0.2 kB
        4. 50637.svg
          2 kB

        Issue Links

          resulted from

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-99407 [REG 6.1.3 -> 6.2.0] Loading svg file takes too long

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              qt.team.graphics.and.multimedia Qt Graphics Team
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes