Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.3, 5.13.1, 5.14.0 Alpha
Affects Version/s: 5.11.3
Component/s: SVG Support
Labels:
None

Platform/s:

Linux/X11
Commits:
15f74a0f8a41759e1216d52d53852c05c9299107 (qt/qtsvg/5.12.3)

Description

A specific SVG file can cause an endless loop and a crash.

#include <QGuiApplication>
#include <QSvgRenderer>
#include <QPainter>
#include <QDebug>

int main(int argc, char *argv[])
{
    QGuiApplication a(argc, argv);

    const QString svg =
        "<svg viewBox='0 0 200 200' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink'>"
        "   <linearGradient id='lg1' xlink:href='#lg3'/>"
        "   <linearGradient id='lg3' xlink:href='#lg4'/>"
        "   <linearGradient id='lg4' xlink:href='#lg1'/>"
        "   <rect x='20' y='20' width='160' height='160' fill='url(#lg4)'/>"
        "</svg>";

    QSvgRenderer render(svg.toUtf8());
    qDebug() << render.isValid(); // Ok

    QImage img(200, 200, QImage::Format_ARGB32);
    QPainter p(&img);
    render.render(&p); // An endless loop in QSvgGradientStyle::resolveStops()
    p.end();

    return 0;
}