Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-74744

Malformed HTML file crashes QTextDocument::setHtml()

    XMLWordPrintable

Details

    Description

      1. Build the attached project: 
        #include <QApplication>
#include <QFile>
#include <QTextDocument>

int main(int argc, char *argv[])
{
    QApplication a(argc, argv);
    QFile f(argv[1]);
    f.open(QFile::ReadOnly);
    QTextDocument().setHtml(f.readAll());
    return 0;
}
      2. Start the resulting program passing the path to the attached malformed HTML file.
        The program will crash: 
        1   raise                                                                                                              0x7ffff6808d7f 
2   abort                                                                                                              0x7ffff67f3672 
3   qt_message_fatal                                                                    qlogging.cpp              1901 0x7ffff6e4da14 
4   QMessageLogger::fatal                                                               qlogging.cpp              887  0x7ffff6e4e65f 
5   qt_assert                                                                           qlogging.h                91   0x7ffff6e46f82 
6   QVarLengthArray<(anonymous namespace)::QBidiAlgorithm::IsolatePair, 64>::operator[] qtextengine.cpp           458  0x7ffff7516122 
7   QVarLengthArray<(anonymous namespace)::QBidiAlgorithm::IsolatePair, 64>::at         qvarlengtharray.h         140  0x7ffff7516122 
8   (anonymous namespace)::QBidiAlgorithm::generateDirectionalRuns                      qtextengine.cpp           453  0x7ffff7516122 
9   (anonymous namespace)::QBidiAlgorithm::resolveExplicitLevels                        qtextengine.cpp           547  0x7ffff7516122 
10  (anonymous namespace)::QBidiAlgorithm::process                                      qtextengine.cpp           1097 0x7ffff7516122 
11  QTextEngine::itemize                                                                qtextengine.cpp           2073 0x7ffff7516122 
12  QTextEngine::attributes                                                             qtextengine.cpp           1957 0x7ffff7516f81 
13  QTextLayout::previousCursorPosition                                                 qtextlayout.cpp           733  0x7ffff751eb82 
14  QTextDocumentPrivate::previousCursorPosition                                        qtextdocument_p.cpp       1384 0x7ffff7544e35 
15  QTextCursorPrivate::movePosition                                                    qtextcursor.cpp           418  0x7ffff7570d45 
16  QTextCursor::movePosition                                                           atomic_base.h             390  0x7ffff7574754 
17  QTextHtmlImporter::processSpecialNodes                                              qtextdocumentfragment.cpp 726  0x7ffff75798db 
18  QTextHtmlImporter::import                                                           qtextdocumentfragment.cpp 517  0x7ffff7579baf 
19  QTextDocument::setHtml                                                              qtextdocument.cpp         1252 0x7ffff753da43 
20  main                                                                                main.cpp                  10   0x5555555552f6 
... <Mehr>

      Attachments

        1. setHtmlCrash.zip
          0.6 kB
        2. QTBUG-74744.html
          0.4 kB
        3. backtrace.txt
          278 kB
        For Gerrit Dashboard: QTBUG-74744
        # Subject Branch Project Status CR V
        257229,2 fuzzing: Add file which crashed QTextDocument::setHtml() master qt/qtqa Status: MERGED +2 0

        Activity

          People

            laknoll Lars Knoll
            rlohning Robert Löhning
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes