Details
- Type: Bug
- Resolution: Done
- Priority: P1: Critical
- Versions: 5.15.2, 6.1
- Environment: Ubuntu 20.04 LTS, clang 10.0.0
- Commits:
  - 36ccbee34e89d185918a2925444dac11211e5c60 (qt/qtbase/dev)
  - fbcc6a346b81a04f8a5f1a8a05aa973a58a64fc7 (qt/qtbase/6.0)
  - 3a372654ffef322d410a1fd0ba1654046577e030 (qt/tqtc-qtbase/tqtc/lts-5.15)
  - e071eb1302465bd2bd5873cbe407e7550a50a947 (qt/qtbase/5.12)
Description
- Configure Qt with "-sanitize fuzzer-no-link -sanitize undefined" and build it.
- Use this to build the project qtbase/tests/libfuzzer/gui/image/qimage/loadfromdata/loadfromdata.pro.
- Run the resulting program passing the attached input file:
  ./loadfromdata 25484.svg
You'll get output containing a line like:
  ../../include/QtGui/5.15.3/QtGui/private/../../../../../../../../src/qt-5.15-base_svg-12.07/qtbase/src/gui/painting/qfixed_p.h:71:78: runtime error: 1,77778e+11 is outside the range of representable values of type 'int'
Found by oss-fuzz as issue 25484.
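The sanitizer line above is a float-cast-overflow report: a floating-point value far outside the int range is being converted to int, which is undefined behaviour in C++ and is what clang's -fsanitize=undefined flags. The following is an added, illustrative example (not Qt's code and not the merged fix) using a hypothetical 26.6 fixed-point type, Fixed26_6, in the style of a QFixed-like class: it shows the unchecked conversion that triggers this class of report next to a saturating conversion that stays defined for every double, including the reported value 1.77778e+11 and NaN. The names fitsInInt, saturateToInt, fromRealUnchecked and fromRealSaturating are assumptions made for this example.

```cpp
// Illustrative example (not Qt's code): a hypothetical 26.6 fixed-point
// type, Fixed26_6, that stores value * 64 in an int, like a QFixed-style
// class. Converting an out-of-range double to int is undefined behaviour,
// which is the defect class behind the sanitizer report on this page.
#include <cmath>
#include <cstdio>
#include <limits>

struct Fixed26_6 {
    int raw;  // fixed-point value scaled by 64
};

// True when v can be converted to int without undefined behaviour.
// Bounds are compared in double, where INT_MIN and INT_MAX are exact.
static bool fitsInInt(double v) {
    constexpr double lo = static_cast<double>(std::numeric_limits<int>::min());
    constexpr double hi = static_cast<double>(std::numeric_limits<int>::max());
    return !std::isnan(v) && v >= lo && v <= hi;
}

// Saturating conversion: values beyond the int range clamp to
// INT_MIN / INT_MAX and NaN maps to 0. Every comparison here is defined
// for every possible double, so the final cast is always in range.
static int saturateToInt(double v) {
    if (std::isnan(v)) return 0;
    if (v >= static_cast<double>(std::numeric_limits<int>::max()))
        return std::numeric_limits<int>::max();
    if (v <= static_cast<double>(std::numeric_limits<int>::min()))
        return std::numeric_limits<int>::min();
    return static_cast<int>(v);  // in range: truncation toward zero
}

// Unchecked conversion in the style that produces the report above:
// the cast is undefined whenever r * 64 does not fit in int.
static Fixed26_6 fromRealUnchecked(double r) {
    return Fixed26_6{ static_cast<int>(r * 64.0) };
}

// Checked conversion: scale first, then saturate before casting.
static Fixed26_6 fromRealSaturating(double r) {
    return Fixed26_6{ saturateToInt(r * 64.0) };
}

int main() {
    // 1.77778e+11 is the value the sanitizer reported being converted.
    const double reported = 1.77778e+11;
    std::printf("fits in int: %s\n", fitsInInt(reported) ? "yes" : "no");
    std::printf("saturated:   %d\n", saturateToInt(reported));
    std::printf("1.5 -> raw %d\n", fromRealSaturating(1.5).raw);
    // fromRealUnchecked(reported / 64.0) would take the undefined path;
    // built with clang -fsanitize=undefined it yields a report like the
    // one quoted on this page. Only an in-range call is made here.
    (void)fromRealUnchecked(1.5);
    return 0;
}
```

The check is done on the scaled value rather than on the input, because the multiplication by 64 is what pushes an otherwise modest coordinate past INT_MAX; clamping before the cast keeps layout code deterministic on hostile input instead of leaving the result to the compiler.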
For Gerrit Dashboard: QTBUG-89172

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 326325,2 | Avoid overflowing QFixed in text layout | dev | qt/qtbase | MERGED | +2 | 0 |
| 326613,1 | Avoid overflowing QFixed in text layout | 5.15 | qt/qtbase | ABANDONED | +2 | 0 |
| 326614,2 | Avoid overflowing QFixed in text layout | 6.0 | qt/qtbase | MERGED | +2 | 0 |
| 326615,2 | Avoid overflowing QFixed in text layout | 5.12 | qt/qtbase | MERGED | +2 | 0 |
| 330056,2 | Avoid overflowing QFixed in text layout | tqtc/lts-5.15 | qt/tqtc-qtbase | MERGED | +2 | 0 |
| 348597,2 | Avoid overflowing QFixed in text layout | 5.12.11 | qt/qtbase | MERGED | +2 | 0 |