Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-130992

Crash when rendering radialGradient

    XMLWordPrintable

Details

    • 42bd879e2 (dev), e63884c59 (6.9), e25f93c15 (6.8), 27c3e8b94 (dev)

    Description

      Simply open the attached svg file:

      <svg><radialGradient id="grd2" cx="340266920938463463374607431767777777777"></radialGradient><text stroke="url(#grd2)">N</text><text x="302"></text></svg>

      You can use it to construct a QSvgRenderer and then call render(QPainter *) on that or you can just try opening it in Qt Creator. Both will lead to a crash.

      Google's oss-fuzz found this as issue 42533347. Their report is public.

      Attachments

        1. 42533347.svg
          0.2 kB
        2. Backtrace1.txt
          121 kB
        3. QTBUG-130992.svg
          0.1 kB

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-120332 [REG 6.6.1 -> 6.7] rendering svg causes division by zero in getRadialGradientValues

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-130992
          # Subject Branch Project Status CR V
          603190,6 Add test for huge radialGradient which crashed painting dev qt/qtsvg Status: ABANDONED 0 -1
          611961,3 WIP: Don't use SSE2 for qt_fetch_radial_gradient dev qt/qtbase Status: ABANDONED -2 +1
          612012,4 QRadialGradient: Fix crash on huge x values dev qt/qtbase Status: MERGED +2 +1
          612439,4 QRadialGradient: Fix crash on huge x values 6.9 qt/qtbase Status: MERGED +2 0
          612473,2 fuzzing: Add svg file which crashed painting dev qt/qtqa Status: MERGED +2 0
          612852,2 QRadialGradient: Fix crash on huge x values 6.8 qt/qtbase Status: MERGED +2 0

          Activity

            People

              rlohning Robert Löhning
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes