QTBUG-87059

Integer-overflow in qRound through QSvgRenderer::render


Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 6.0.3
    • 5.15
    • SVG Support
    • Ubuntu 18.04 LTS 64 bit, clang 10.0.0
    • All

    Description

      1. Have a build of Qt configured with "-sanitize undefined".
      2. Build the attached project.
      3. Run the resulting program and pass the attached input file.
        ./report input.svg

        You will get output including lines like:

        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-5.15-base_svg-09.22/qtbase/src/corelib/kernel/qobject.cpp:420:13 in 
        ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:55: runtime error: -6,33825e+29 is outside the range of representable values of type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:55 in 
        ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:40: runtime error: -6,33825e+29 is outside the range of representable values of type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:40 in 
        ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:74: runtime error: -6,33825e+29 is outside the range of representable values of type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:74 in 
        ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:68: runtime error: signed integer overflow: -2147483648 + -2147483648 cannot be represented in type 'int'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../include/QtCore/../../../../../src/qt-5.15-base_svg-09.22/qtbase/src/corelib/global/qglobal.h:653:68 in 
        /home/qtrob/dev/src/qt-5.15-base_svg-09.22/qtbase/src/corelib/kernel/qobject.cpp:393:27: runtime error: upcast of misaligned address 0x000001382861 for type 'QObjectPrivate::Connection', which requires 8 byte alignment
        

      Google's oss-fuzz found this as issue 24756.
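Every UBSan line above stems from the same root cause: a double that has left the representable range of int is converted to int, which is undefined behaviour in C++. As an added example (not Qt's code and not the attached main.cpp), here is the shape a range-checked rounding helper can take; `naiveRound` is only a stand-in for an unchecked qRound-style conversion and is not copied from Qt's qglobal.h.

```cpp
// Added example, not Qt code: range-checked double-to-int rounding.
#include <cmath>
#include <iostream>
#include <limits>
#include <optional>
#include <string>

// Stand-in for an unchecked qRound-style conversion (not copied from Qt's
// qglobal.h). Converting a double outside the int range to int is undefined
// behaviour in C++, which is what UBSan reports above. Never call this with
// an out-of-range value; it is here only to show the shape of the problem.
inline int naiveRound(double d) { return d >= 0.0 ? int(d + 0.5) : int(d - 0.5); }

// True when std::round(d) fits in int. INT_MIN and INT_MAX are exactly
// representable as doubles, so the comparison itself is safe.
inline bool roundFitsInt(double d) {
    if (std::isnan(d)) return false;
    const double r = std::round(d);
    return r >= static_cast<double>(std::numeric_limits<int>::min()) &&
           r <= static_cast<double>(std::numeric_limits<int>::max());
}

// Checked variant: nullopt signals out-of-range or NaN input instead of UB.
inline std::optional<int> checkedRound(double d) {
    if (!roundFitsInt(d)) return std::nullopt;
    return static_cast<int>(std::round(d));
}

// Saturating variant: clamps to the int range, a reasonable choice for
// coordinates where aborting the whole render is not wanted. NaN maps to 0.
inline int saturatingRound(double d) {
    if (std::isnan(d)) return 0;
    if (!roundFitsInt(d))
        return d < 0.0 ? std::numeric_limits<int>::min()
                       : std::numeric_limits<int>::max();
    return static_cast<int>(std::round(d));
}

int main() {
    // Constructed inputs: ordinary coordinates plus the magnitude UBSan
    // reported above (locale comma written as a dot) and an infinite value.
    const double samples[] = {12.4, -12.5, -6.33825e+29,
                              std::numeric_limits<double>::infinity()};
    for (double d : samples) {
        const auto r = checkedRound(d);
        std::cout << d << " -> " << (r ? std::to_string(*r) : "out of range")
                  << " (saturating: " << saturatingRound(d) << ")\n";
    }
    return 0;
}
```

Rounding here uses std::round (ties away from zero); the point of the example is the range check, not reproducing qRound's exact tie handling.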

      Attachments

        1. input.svg
          0.1 kB
          Robert Löhning
        2. main.cpp
          0.4 kB
          Robert Löhning
        3. report.pro
          0.0 kB
          Robert Löhning


          People

            Assignee: Unassigned
            Reporter: Robert Löhning (rlohning)