Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-120332

[REG 6.6.1 -> 6.7] rendering svg causes division by zero in getRadialGradientValues

    XMLWordPrintable

Details

    • 69bed6cd3 (dev), bd6a866fb (dev), 4596aa7bf (6.7)

    Description

      1. Have a build of Qt configured with "-sanitize undefined".
      2. Build the attached project with that.
      3. Run the resulting binary with the attached svg file as parameter.
        The sanitizer will show a division by zero: 
        /home/qtrob/dev/src/qt-dev_12.21-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:3416:18: runtime error: division by zero
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_12.21-base_imageformats_svg/qtbase/src/gui/painting/qdrawhelper.cpp:3416:18 in

      Google's oss-fuzz found this as issue 63780. Their report is public. It went to "Verified" state in November but I can still reproduce the issue with Qt's latest sources.

      Attachments

        1. 63780.svg
          0.1 kB
        2. CMakeLists.txt
          0.4 kB
        3. gradientdivisionbyzero.tar.xz
          4 kB
        4. main.cpp
          0.4 kB

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-130992 Crash when rendering radialGradient

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-120332
          # Subject Branch Project Status CR V
          528253,6 QRadialGradient: Fix undefined behavior dev qt/qtbase Status: MERGED +2 0
          528480,2 fuzzing: Add input file which triggered division by zero dev qt/qtqa Status: MERGED +2 0
          528779,2 QRadialGradient: Fix undefined behavior 6.7 qt/qtbase Status: MERGED +2 0

          Activity

            People

              hatemelkharashy Hatem ElKharashy
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes