- Bug
- Resolution: Fixed
- P1: Critical
- 6.6
- None
- Linux gcc_64 Ubuntu 22.04
- edc8ca7f1 (dev), effc44495 (6.6), e52b6e1b8 (6.5), 0d646f6d2 (tqtc/lts-6.2), a090bd1f9 (dev), 7eb8f6391 (dev), 0bfb42057 (6.6), f12f89393 (6.6), 97db6d901 (6.5), 0c1345543 (6.5), d8ce66da0 (dev)

Hello!
Unfortunately, the QML Image can crash the whole application without it being able to react if a source is specified that has bad image data (which, when specifying a URL, is often not known ahead of time). The crash happens because it's assumed to be an SVG (while it's not), and the SVG parsing is seemingly not guarded well enough to handle errors and crashes instead.
The crash happened here on Qt 6.6.0 gcc_64 I installed fresh today. OS is Ubuntu 22.04.
Note: I can NOT reproduce the error in Qt 6.5.3, so seemingly this is a regression in the Qt SVG module between Qt 6.5.3 and 6.6.0.
Minimal example
```qml
import QtQuick
import QtQuick.Window
import QtQuick.Controls

Window {
    width: 900
    height: 600
    visible: true

    Image {
        anchors.centerIn: parent
        source: "https://slashdot.org/slashdot-it.pl?op=discuss&id=23088195&smallembed=1"
    }
}
```
A copy of the "image" is attached to the issue (retrieved with wget <URL>).
Additionally, the Qt SVG module is linked via CMakeLists.txt. Qt additional Image Formats are also installed.
Expectation
Yes, it's not a valid SVG image, or any image at all. Still, it should not produce a crash, but set an error state / mark as bad image via QImage::isNull=true.
In this case it is some URL that was returned by an RSS feed as an image attachment. User inputs for QML source can be <anything>.
Stacktrace
- is duplicated by: QTBUG-118675 Crash QSvgTinyDocument::load(const QByteArray &contents) (Closed)
- relates to: QTBUG-118653 crash in qsvghandler.cpp (Closed)

For Gerrit Dashboard: QTBUG-117944

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
510674,3 | Fix nullptr dereference with invalid SVG | dev | qt/qtsvg | MERGED | -1 | 0 |
510692,2 | Fix nullptr dereference with invalid SVG | 6.6 | qt/qtsvg | MERGED | +2 | 0 |
510714,4 | Make sure we don't load invalid SVGs twice | dev | qt/qtsvg | MERGED | +2 | 0 |
510779,2 | Verify that loading of invalid SVG files don't crash | dev | qt/qtsvg | MERGED | +2 | 0 |
510887,2 | Fix nullptr dereference with invalid SVG | 6.5 | qt/qtsvg | MERGED | +2 | 0 |
511103,2 | Fix nullptr dereference with invalid SVG | tqtc/lts-6.2 | qt/tqtc-qtsvg | MERGED | +2 | 0 |
511824,2 | Make sure we don't load invalid SVGs twice | 6.6 | qt/qtsvg | MERGED | +2 | 0 |
511825,2 | Verify that loading of invalid SVG files don't crash | 6.6 | qt/qtsvg | MERGED | +2 | 0 |
511827,2 | Verify that loading of invalid SVG files don't crash | 6.5 | qt/qtsvg | MERGED | +2 | 0 |
511828,2 | Make sure we don't load invalid SVGs twice | 6.5 | qt/qtsvg | MERGED | +2 | 0 |
526812,3 | fuzzing: Add files which caused a nullptr dereference in qtsvg | dev | qt/qtqa | MERGED | +2 | 0 |
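
One way an application that takes image URLs from untrusted feeds can limit what reaches the image decoders, as an added example that is not part of the report or of the Qt changes: classify the downloaded bytes by magic number or SVG root element and refuse anything unrecognised. The function names are hypothetical, and the check only narrows the parser's input; it does not replace the fixed Qt versions listed above.

```cpp
// Added example (not Qt code): classify untrusted bytes before an image decoder sees them.
#include <cctype>
#include <cstdio>
#include <string_view>

enum class Kind { Png, Jpeg, Gif, Svg, Unknown };

static bool startsWith(std::string_view d, std::string_view p) {
    return d.substr(0, p.size()) == p;
}

// True only if the first element after the XML prolog is <svg>.
// Conservative by design: a truncated prolog, a DOCTYPE with an internal
// subset, or a prefixed root such as <svg:svg> is rejected, not guessed at.
static bool rootIsSvg(std::string_view d) {
    if (startsWith(d, "\xEF\xBB\xBF")) d.remove_prefix(3);  // UTF-8 BOM
    for (;;) {
        while (!d.empty() && std::isspace(static_cast<unsigned char>(d.front())))
            d.remove_prefix(1);
        std::string_view close;
        if (startsWith(d, "<?")) close = "?>";              // XML declaration / PI
        else if (startsWith(d, "<!--")) close = "-->";      // comment
        else if (startsWith(d, "<!DOCTYPE")) close = ">";   // simple DOCTYPE
        else break;
        const auto end = d.find(close);
        if (end == std::string_view::npos) return false;    // truncated prolog
        d.remove_prefix(end + close.size());
    }
    if (!startsWith(d, "<svg") || d.size() < 5) return false;
    const unsigned char c = static_cast<unsigned char>(d[4]);
    return c == '>' || c == '/' || std::isspace(c);          // not e.g. <svgfoo
}

Kind classify(std::string_view d) {
    if (startsWith(d, "\x89PNG\r\n\x1a\n")) return Kind::Png;
    if (startsWith(d, "\xFF\xD8\xFF")) return Kind::Jpeg;
    if (startsWith(d, "GIF87a") || startsWith(d, "GIF89a")) return Kind::Gif;
    return rootIsSvg(d) ? Kind::Svg : Kind::Unknown;
}

// Policy hook: only recognised payloads may be passed on to the image element.
bool safeToDecode(std::string_view d) { return classify(d) != Kind::Unknown; }

int main() {
    // Constructed sample: a script/HTML response served from an "image" URL.
    const std::string_view body = "document.write('<div id=\"embed\">...</div>');";
    std::printf("decode allowed: %s\n", safeToDecode(body) ? "yes" : "no");
    return 0;
}
```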