Details
Bug
Resolution: Done
P1: Critical
4.7.4, 4.8.0
None
Windows 7 64Bit
9851e6da855357d6c1c17e956ba628aa975f92ce
Description
In our application, Qt crashes in QTextEngine::positionInLigature when trying to select text that contains BIDI control characters.
Seen in labels where the text is selectable by mouse and in text browsers as well.
Crash in qtextengine.cpp:2802
Code in Question:
Starting at line 2791:

    QFixed glyphWidth = glyphs.effectiveAdvance(glyph_pos); // <---- glyphs.effectiveAdvance returns 0
    // the approximate width of each individual element of the ligature
    QFixed perItemWidth = glyphWidth / clusterLength; // <----- perItemWidth is then 0 too
    QFixed left = x > edge ? edge : edge - glyphWidth;
    int n = ((x - left) / perItemWidth).floor().toInt(); // Division by 0 resulting QFixed assign high value
    QFixed dist = x - left - n * perItemWidth;
    int closestItem = dist > (perItemWidth / 2) ? n + 1 : n;
    if (cursorOnCharacter && closestItem > 0)
        closestItem--;
    int pos = si->position + clusterStart + closestItem;
    // Jump to the next charStop
    while (!attrs[pos].charStop && pos < end) // Crash accessing attrs[] with high pos
        pos++;
Proposed crash fix (more defensive programming):
    while( pos < end && !attrs[pos].charStop )
        pos++;
BIDI character used: QString::fromUtf8( "\xe2\x80\x8e" );
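The following is an added example, not Qt's code and not the upstream patch: a stand-alone model of the arithmetic in the report, showing that the reordered loop stops the out-of-bounds read but can still return an index past `end`, and a variant that also guards the zero-width case. Plain integers stand in for QFixed, the divide-by-zero result is assumed to saturate to INT_MAX, and all function names are hypothetical.

```cpp
#include <algorithm>
#include <climits>
#include <vector>

struct CharAttr { bool charStop; };  // stand-in for the per-character attributes

// Model of the reported arithmetic: a zero divisor yields a huge quotient
// instead of trapping (assumption: saturate to INT_MAX). clusterLength > 0.
long long itemIndex(int offset, int glyphWidth, int clusterLength) {
    int perItemWidth = glyphWidth / clusterLength;
    long long n = perItemWidth == 0 ? INT_MAX : offset / perItemWidth;
    long long dist = offset - n * perItemWidth;
    return dist > perItemWidth / 2 ? n + 1 : n;
}

// Loop order from the proposed fix: the bounds test runs first, so
// attrs[pos] is never read for pos >= end. The returned value is not
// clamped, so a huge pos is passed straight back to the caller.
long long scanReordered(const std::vector<CharAttr>& attrs,
                        long long pos, long long end) {
    while (pos < end && !attrs[pos].charStop)
        ++pos;
    return pos;
}

// Hardened variant (an assumption of this example): a zero-width cluster
// resolves to its start, and the computed index is clamped into
// [start, end] before scanning. start is assumed to be in [0, attrs.size()].
long long positionHardened(const std::vector<CharAttr>& attrs, int start,
                           int offset, int glyphWidth, int clusterLength) {
    long long end = static_cast<long long>(attrs.size());
    if (clusterLength <= 0 || glyphWidth / clusterLength == 0)
        return std::min<long long>(start, end);
    long long pos = start + itemIndex(offset, glyphWidth, clusterLength);
    pos = std::max<long long>(start, std::min(pos, end));
    return scanReordered(attrs, pos, end);
}
```
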