Qt / QTBUG-73238

Malformed HTML file crashes QTextDocument::setHtml()

    Details

    • Commits:
      79f2a9e666a241c5baba1b9bf35c12be4cefcc26 (qt/qtbase/5.12)

      Description

      1. Build the attached project:
        #include <QApplication>
        #include <QFile>
        #include <QTextDocument>
        
        int main(int argc, char *argv[])
        {
            QApplication a(argc, argv);
            QFile f(argv[1]);
            if (argc < 2 || !f.open(QFile::ReadOnly)) return 1; // no readable input file given
            QTextDocument().setHtml(f.readAll());
            return 0;
        }
        
      2. Start the resulting program passing the path to the attached malformed HTML file.
        The program will crash:
        1   __GI_raise                                                                             raise.c                   51   0x7ffff61eae97 
        2   __GI_abort                                                                             abort.c                   79   0x7ffff61ec801 
        3   qt_message_fatal                                                                       qlogging.cpp              1901 0x7ffff6bdfc0e 
        4   QMessageLogger::fatal                                                                  qlogging.cpp              887  0x7ffff6be086d 
        5   qt_assert                                                                              qglobal.cpp               3199 0x7ffff6bd93e9 
        6   QVarLengthArray<(anonymous namespace)::QBidiAlgorithm::DirectionalRun, 64>::operator[] qvarlengtharray.h         133  0x7ffff72fa754 
        7   (anonymous namespace)::QBidiAlgorithm::<lambda(int)>::operator()(int) const            qtextengine.cpp           369  0x7ffff72fa754 
        8   (anonymous namespace)::QBidiAlgorithm::generateDirectionalRuns                         qtextengine.cpp           516  0x7ffff72fb33b 
        9   (anonymous namespace)::QBidiAlgorithm::resolveExplicitLevels                           qtextengine.cpp           533  0x7ffff72fb33b 
        10  (anonymous namespace)::QBidiAlgorithm::process                                         qtextengine.cpp           1083 0x7ffff7305490 
        11  QTextEngine::itemize                                                                   qtextengine.cpp           2049 0x7ffff7305490 
        12  QTextEngine::attributes                                                                qtextengine.cpp           1942 0x7ffff7305e21 
        13  QTextLayout::previousCursorPosition                                                    qtextlayout.cpp           733  0x7ffff730d97e 
        14  QTextDocumentPrivate::previousCursorPosition                                           qtextdocument_p.cpp       1384 0x7ffff7335ba9 
        15  QTextCursorPrivate::movePosition                                                       qtextcursor.cpp           418  0x7ffff73623c7 
        16  QTextCursor::movePosition                                                              qtextcursor.cpp           1253 0x7ffff736591d 
        17  QTextHtmlImporter::processSpecialNodes                                                 qtextdocumentfragment.cpp 727  0x7ffff736aa0d 
        18  QTextHtmlImporter::import                                                              qtextdocumentfragment.cpp 518  0x7ffff736ae6a 
        19  QTextDocument::setHtml                                                                 qtextdocument.cpp         1250 0x7ffff732e9bb 
        20  main                                                                                   main.cpp                  10   0x555555554ee7 
        ... <Mehr>                                                                                                                               
        

        Attachments

        1. backtrace.txt
          40 kB
        2. setHtmlCrash.html
          0.0 kB
        3. setHtmlCrash.zip
          0.6 kB
            People

            • Assignee:
              laknoll Lars Knoll
              Reporter:
              rlohning Robert Löhning