-
Bug
-
Resolution: Fixed
-
P1: Critical
-
6.5.0, dev
-
Manjaro Linux
clang 15.0.7
-
7b7a01c26 (dev), 7cc629660 (6.5), 318ea97a6 (6.5.1), 37551376b (tqtc/lts-6.2), 3ef230834 (tqtc/lts-5.15)
- Have a build of Qt configured with "-sanitize undefined"
- Build the attached project with it.
qt-cmake /tmp/report/ && cmake --build .
- Run the resulting program on the minimal plugin and pass the attached input file.
./report /tmp/report/58149.svg -platform minimal
The output will end in something like:
/home/qtrob/dev/clang-15.0.7/qt-dev_05.02-base_imageformats_svg-fubsan-qt-tiff/qtbase/include/QtGui/6.6.0/QtGui/private/../../../../../../../../src/qt-dev_05.02-base_imageformats_svg/qtbase/src/gui/painting/qfixed_p.h:53:51: runtime error: signed integer overflow: 2147443200 + 70400 cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/clang-15.0.7/qt-dev_05.02-base_imageformats_svg-fubsan-qt-tiff/qtbase/include/QtGui/6.6.0/QtGui/private/../../../../../../../../src/qt-dev_05.02-base_imageformats_svg/qtbase/src/gui/painting/qfixed_p.h:53:51 in
Google's detailed report
contains a stacktrace.
Google's oss-fuzz found this as issue 58149. They will publish their report on July 17th, the latest. The similar report 52532 is already public.
| For Gerrit Dashboard: QTBUG-113337 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 476125,5 | Fix specific overflow in qtextlayout | dev | qt/qtbase | Status: MERGED | +2 | 0 |
| 476489,2 | Fix specific overflow in qtextlayout | 6.5.1 | qt/qtbase | Status: MERGED | +2 | 0 |
| 476490,2 | Fix specific overflow in qtextlayout | 6.5 | qt/qtbase | Status: MERGED | +2 | 0 |
| 476495,3 | Fix specific overflow in qtextlayout | tqtc/lts-6.2 | qt/tqtc-qtbase | Status: MERGED | +2 | 0 |
| 476496,8 | Fix specific overflow in qtextlayout | tqtc/lts-5.15 | qt/tqtc-qtbase | Status: MERGED | +2 | 0 |