Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-89172

Integer-overflow in QFixed::fromReal(qreal r) through QImage::.loadFromData(QByteArray);

    XMLWordPrintable

Details

    • 36ccbee34e89d185918a2925444dac11211e5c60 (qt/qtbase/dev) fbcc6a346b81a04f8a5f1a8a05aa973a58a64fc7 (qt/qtbase/6.0) 3a372654ffef322d410a1fd0ba1654046577e030 (qt/tqtc-qtbase/tqtc/lts-5.15) e071eb1302465bd2bd5873cbe407e7550a50a947 (qt/qtbase/5.12)

    Description

      1. Configure Qt with "-sanitize fuzzer-no-link -sanitize undefined" and build it.
      2. Use this to build the project qtbase/tests/libfuzzer/gui/image/qimage/loadfromdata/loadfromdata.pro .
      3. Run the resulting program passing the attached input file:
        ./loadfromdata 25484.svg
        

        You'll get output containing a line like:

        ../../include/QtGui/5.15.3/QtGui/private/../../../../../../../../src/qt-5.15-base_svg-12.07/qtbase/src/gui/painting/qfixed_p.h:71:78: runtime error: 1,77778e+11 is outside the range of representable values of type 'int'
        

      Found by oss-fuzz as issue 25484.

      Attachments

        For Gerrit Dashboard: QTBUG-89172
        # Subject Branch Project Status CR V

        Activity

          People

            vgt Eirik Aavitsland
            rlohning Robert Löhning
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes