Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-134044

SvgHandler might access out of bound

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 6.8.4, 6.9.1, 6.10.0 FF
    • 6.9
    • SVG Support
    • None
    • 274d201f1 (dev), 7c7c613a7 (6.9), 257bc3ae6 (6.8)

    Description

      The following code does not check the length of family before accessing the first character:

      https://codebrowser.dev/qt5/qtsvg/src/svg/qsvghandler.cpp.html#1382

      if (!attributes.fontFamily.isEmpty() && attributes.fontFamily != QT_INHERIT) {
              QString family = attributes.fontFamily.toString().trimmed();
              if (family.at(0) == QLatin1Char('\'') || family.at(0) == QLatin1Char('\"'))
                  family = family.mid(1, family.size() - 2);
              fontStyle->setFamily(family);

      Attachments

        For Gerrit Dashboard: QTBUG-134044
        # Subject Branch Project Status CR V
        628011,3 Fix font family out of bound access dev qt/qtsvg Status: MERGED +2 0
        630495,2 Fix font family out of bound access 6.9 qt/qtsvg Status: MERGED +2 0
        630695,2 Fix font family out of bound access 6.8 qt/qtsvg Status: MERGED +2 0

        Activity

          People

            hatemelkharashy Hatem ElKharashy
            matthias_rauter Matthias Rauter
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes