Details
- Type: Bug
- Resolution: Fixed
- Priority: P2: Important
- Version/s: 6.1.0, 6.3.0
- Environment: Ubuntu 20.04 LTS, clang 10.0.0
- Commits: dad0d6084 (dev), 232a90dce (6.6), f381dbee1 (6.5)
Description
- Configure Qt with "-sanitize fuzzer-no-link -sanitize undefined" and build it. Having the submodules qtbase and qtsvg is sufficient.
- Use this build to compile the project qtbase/tests/libfuzzer/gui/image/qimage/loadfromdata. The qmake- and cmake-based versions lead to the same result.
- Run the resulting program, passing the attached input file:
./loadfromdata 36218.svg
You'll get output containing lines like:
/home/qtrob/dev/src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qpaintengine_raster.cpp:538:40: runtime error: -1,84467e+19 is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qpaintengine_raster.cpp:538:40 in
qtbase/include/QtGui/6.2.0/QtGui/private/../../../../../../../../src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qfixed_p.h:90:58: runtime error: signed integer overflow: 2147169024 + 655424 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qtbase/include/QtGui/6.2.0/QtGui/private/../../../../../../../../src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qfixed_p.h:90:58 in
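The two sanitizer findings above are distinct kinds of undefined behaviour: a double far outside the int range converted to int, and a signed addition that overflows int in fixed-point arithmetic. The following is an added example, not code from Qt or from the fix commits listed above, showing one defensive way to handle each so that oversized coordinates from untrusted input saturate or fail cleanly instead of triggering UB. The names clampToInt, Fixed26_6 and addChecked, the 26.6 layout, and the choice to map NaN to 0 are all assumptions made here, not QFixed's behaviour.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Added example (not Qt code). Convert a double to int by clamping to the
// representable range first, so out-of-range values (such as the -1.84467e+19
// reported by UBSan above) saturate instead of invoking undefined behaviour.
// NaN is mapped to 0; that choice is an assumption of this example.
int clampToInt(double v)
{
    if (std::isnan(v))
        return 0;
    // INT_MAX and INT_MIN are exactly representable as doubles.
    if (v >= static_cast<double>(std::numeric_limits<int>::max()))
        return std::numeric_limits<int>::max();
    if (v <= static_cast<double>(std::numeric_limits<int>::min()))
        return std::numeric_limits<int>::min();
    return static_cast<int>(v); // in range, truncation toward zero is defined
}

// A fixed-point value with 6 fractional bits stored in an int. The width and
// layout are an assumption for this example, not the layout of Qt's QFixed.
struct Fixed26_6 {
    int raw;
};

// Checked addition: returns false and leaves *out untouched when the sum does
// not fit in int, instead of overflowing (the second UBSan report above).
// __builtin_add_overflow is available in both GCC and clang.
bool addChecked(Fixed26_6 a, Fixed26_6 b, Fixed26_6 *out)
{
    int sum;
    if (__builtin_add_overflow(a.raw, b.raw, &sum))
        return false;
    out->raw = sum;
    return true;
}
```

Feeding the exact operands from the report (2147169024 + 655424) to addChecked makes it report failure rather than wrap, which is the kind of outcome a caller can then turn into a rejected or clipped path instead of a silently corrupted coordinate.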
Found by oss-fuzz as issue 36218. Google will publish the details in 89 days.