Qt / QTBUG-107670

[REG 6.2.2 -> 6.2.3] Integer overflow in gui/painting when drawing svg image


    • Type: Bug
    • Resolution: Fixed
    • Priority: P2: Important
    • Fix Version/s: 6.5.4, 6.6.0
    • Affects Version/s: 6.2.3, 6.5
    • Component/s: SVG Support
    • Environment: Ubuntu 20.04 LTS, clang 10.0.0
    • Commit: df6474955b7e661363b21d85dfa1cc3e46af515c

      1. Have a build of Qt including qtsvg configured with "-sanitize undefined".
      2. Use that to build the attached project.
         qt-cmake /tmp/report/ && cmake --build .
      3. Run the resulting program and pass the input file.
         ./report /tmp/report/50637.svg

         You will see output like:

         /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59: runtime error: signed integer overflow: -772328716 * 6 cannot be represented in type 'int'
         SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_09.23-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:5002:59 in

      Google's oss-fuzz found this as issue 50637. That report is public now because it was closed as false negative. Two days later, it was replaced by the equivalent 52383.
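      The sanitizer line above reports a signed multiplication, -772328716 * 6, whose result does not fit in a 32-bit int; in C and C++ that is undefined behaviour, which is why UBSan (the "-sanitize undefined" configure option) aborts on it. The following is an added illustration, not Qt code and not the contents of the attached main.cpp: it takes the two operands from the report, shows the mathematically correct product in a wider type, and contrasts an unchecked int multiply with a checked one (__builtin_mul_overflow, available in GCC and Clang) that reports the overflow instead of triggering it. The operand names and helper functions are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Operands copied from the UBSan report on this issue
 * (qdrawhelper.cpp:5002: "-772328716 * 6 cannot be represented in type 'int'"). */
#define REPORTED_LHS (-772328716)
#define REPORTED_RHS 6

/* Checked 32-bit multiply: stores a*b in *out and returns true only if the
 * product fits in int. On overflow nothing undefined happens; the caller
 * gets false and can reject the input (here: the pixel geometry). */
static bool checked_mul_int(int a, int b, int *out)
{
    return !__builtin_mul_overflow(a, b, out);
}

/* Convenience wrapper for callers that only need the yes/no answer. */
static bool mul_fits_int(int a, int b)
{
    int unused;
    return checked_mul_int(a, b, &unused);
}

/* Widened multiply: computes the true product in long long (64-bit on the
 * platforms this report concerns) so it can be compared against INT_MIN/INT_MAX. */
static long long widened_mul(int a, int b)
{
    return (long long)a * (long long)b;
}

static bool fits_int(long long v)
{
    return v >= INT_MIN && v <= INT_MAX;
}

int main(void)
{
    long long exact = widened_mul(REPORTED_LHS, REPORTED_RHS);
    int result = 0;

    printf("exact product      : %lld\n", exact);
    printf("fits in int        : %s\n", fits_int(exact) ? "yes" : "no");

    if (checked_mul_int(REPORTED_LHS, REPORTED_RHS, &result))
        printf("checked multiply   : %d\n", result);
    else
        printf("checked multiply   : overflow detected, input rejected\n");

    /* A well-formed geometry goes through the same checked path unchanged. */
    if (checked_mul_int(1000, REPORTED_RHS, &result))
        printf("checked multiply   : 1000 * 6 = %d\n", result);

    return 0;
}
```

      Building this with `clang -fsanitize=undefined` and replacing the checked call with a plain `REPORTED_LHS * REPORTED_RHS` reproduces a diagnostic of the same shape as the one in the report; with the checked multiply the program instead refuses the oversized value, which is the kind of bounds check a fix in the painting code would need before computing byte offsets from untrusted SVG dimensions.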

      Attachments:
        1. 50637.svg (2 kB)
        2. 58951.svg (0.2 kB)
        3. CMakeLists.txt (0.3 kB)
        4. main.cpp (0.4 kB)

      Assignee: Paul Olav Tvete (tvete)
      Reporter: Robert Löhning (rlohning)
