QTBUG-107670: [REG 6.2.2 -> 6.2.3] Integer overflow in gui/painting when drawing svg image

Details

    Type: Bug
    Resolution: Unresolved
    Priority: P2: Important
    Fix Version/s: None
    Affects Version/s: 6.2.3, 6.5
    Component/s: SVG Support
    Environment: Ubuntu 20.04 LTS, clang 10.0.0

    Description

      1. Have a build of Qt including qtsvg configured with "-sanitize undefined".
      2. Use that to build the attached project:
        qt-cmake /tmp/report/ && cmake --build .
      3. Run the resulting program and pass the input file:
        ./report /tmp/report/50637.svg

        You will see output like:

        /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59: runtime error: signed integer overflow: -772328716 * 6 cannot be represented in type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59 in

      Google's oss-fuzz found this as issue 50637. That report is public now because it was closed as false negative. Two days later, it was replaced by the equivalent 52383.
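As an added example (not Qt's code and not part of the attached project), the kind of checked arithmetic that turns the reported `count * bytesPerPixel` overflow into a rejected input instead of a silently wrapped size. `checkedSpanBytes` and `mulFitsInInt` are hypothetical helper names; the sample values are constructed from the sanitizer message above.

```cpp
#include <climits>
#include <cstdio>

// Hypothetical helper, not Qt's code: size in bytes of a run of `count`
// pixels at `bytesPerPixel` bytes each, computed without relying on the
// wrapping that UBSan flagged in the report. Returns false (and leaves
// *out untouched) when the input is invalid or the product does not fit
// in int, so the caller can refuse to allocate or draw.
bool checkedSpanBytes(int count, int bytesPerPixel, int *out)
{
    // A negative pixel count (the -772328716 in the report) is already a
    // corrupted value upstream; refuse it rather than multiply it.
    if (count < 0 || bytesPerPixel <= 0 || out == nullptr)
        return false;
    int bytes = 0;
    // GCC/clang builtin: returns true if the product overflows `int`.
    if (__builtin_mul_overflow(count, bytesPerPixel, &bytes))
        return false;
    *out = bytes;
    return true;
}

// Portable alternative with no compiler builtin: widen before multiplying
// and compare the exact product against the destination range.
bool mulFitsInInt(int a, int b)
{
    long long wide = static_cast<long long>(a) * static_cast<long long>(b);
    return wide >= INT_MIN && wide <= INT_MAX;
}

int main()
{
    // Constructed inputs: the pair from the sanitizer message, a sane span,
    // and a positive width whose product alone overflows int.
    const int samples[][2] = {{-772328716, 6}, {100, 6}, {400000000, 6}};
    for (const auto &s : samples) {
        int bytes = 0;
        if (checkedSpanBytes(s[0], s[1], &bytes))
            std::printf("%d * %d = %d bytes\n", s[0], s[1], bytes);
        else
            std::printf("%d * %d rejected (product fits in int: %s)\n",
                        s[0], s[1], mulFitsInInt(s[0], s[1]) ? "yes" : "no");
    }
    return 0;
}
```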

      Attachments

        1. 50637.svg (2 kB)
        2. 58951.svg (0.2 kB)
        3. CMakeLists.txt (0.3 kB)
        4. main.cpp (0.4 kB)

      People

        Assignee: qt.team.graphics.and.multimedia (Qt Graphics Team)
        Reporter: rlohning (Robert Löhning)