Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-134044

SvgHandler might access out of bound

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 6.8.4, 6.9.1, 6.10.0 FF
    • 6.9
    • SVG Support
    • None
    • 274d201f1 (dev), 7c7c613a7 (6.9), 257bc3ae6 (6.8)

    Description

      The following code does not check the length of family before accessing the first character:

      https://codebrowser.dev/qt5/qtsvg/src/svg/qsvghandler.cpp.html#1382

      if (!attributes.fontFamily.isEmpty() && attributes.fontFamily != QT_INHERIT) {
              QString family = attributes.fontFamily.toString().trimmed();
              if (family.at(0) == QLatin1Char('\'') || family.at(0) == QLatin1Char('\"'))
                  family = family.mid(1, family.size() - 2);
              fontStyle->setFamily(family);

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            hatemelkharashy Hatem ElKharashy
            matthias_rauter Matthias Rauter
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes