Details
Type: Bug
Resolution: Done
Priority: P1: Critical
Versions: 6.2.0, 6.4
Environment: Ubuntu 20.04 LTS, g++ 9.3.0, clang 10
Commits:
1749388cdc (qt/qtsvg/dev)
1749388cdc (qt/tqtc-qtsvg/dev)
c80de46664 (qt/tqtc-qtsvg/5.15)
980b4d27bd (qt/qtsvg/6.2)
2f70896980 (qt/qtsvg/6.3)
980b4d27bd (qt/qtsvg/6.2.3)
980b4d27bd (qt/tqtc-qtsvg/6.2)
980b4d27bd (qt/tqtc-qtsvg/6.2.3)
Description
- Have a build of Qt including qtsvg. No sanitizers are needed.
- Build the attached project:
  qt-cmake -S /tmp/report/ && cmake --build .
- Run the resulting program and pass the input file:
  time ./report /tmp/report/41331.svg
You will see error messages, and it takes far too long until the program returns:
qt.svg: link #a is undefined!
qt.svg: link #-polytonc is undefined!
qt.svg: link # is undefined!
qt.svg: link # is undefined!
qt.svg: link #directionc is undefined!
real 0m18,880s
user 0m16,749s
sys 0m0,072s
While it runs, the program fully occupies a CPU core.
When built on Qt 6.1.3, the program returns immediately:
qt.svg: link #a is undefined!
qt.svg: link #-polytonc is undefined!
qt.svg: link # is undefined!
qt.svg: link # is undefined!
qt.svg: link #directionc is undefined!
real 0m1,139s
user 0m0,061s
sys 0m0,042s
Google's oss-fuzz found this as issue 41331. They will publish the report on February 21st.
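The reproduction above relies on reading wall-clock time off `time`, which does not fail a build and does not scale to a corpus of fuzzer findings. The script below is an added example (not part of this report or of Qt) showing the check a practitioner would keep around for CPU-exhaustion bugs like this one: run the reproducer under a time budget and treat exceeding it as a failure. It uses the coreutils `timeout` utility (exit status 124 on expiry) and measures wall-clock time as a proxy for the CPU burn described above; the program name `./report`, the budget values and the directory of `.svg` files are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the Qt bug report: bounded-time regression
# check for inputs that make a parser spin (such as 41331.svg above).
#
# run_bounded SECONDS COMMAND [ARGS...]
#   Returns 0 if COMMAND finishes within SECONDS, 1 if it was killed for
#   exceeding the budget, and COMMAND's own exit status otherwise.
run_bounded() {
  budget="$1"
  shift
  timeout "$budget" "$@"
  rc=$?
  if [ "$rc" -eq 124 ]; then
    # coreutils timeout reports 124 when the budget expired
    echo "TIMEOUT after ${budget}s: $*" >&2
    return 1
  fi
  return "$rc"
}

# check_svg_dir SECONDS PROGRAM DIRECTORY
#   Runs PROGRAM once per *.svg in DIRECTORY under the budget and returns
#   the number of inputs that failed (0 means the whole corpus passed).
check_svg_dir() {
  budget="$1"
  prog="$2"
  dir="$3"
  failed=0
  for f in "$dir"/*.svg; do
    [ -e "$f" ] || continue        # empty directory: glob stays literal
    if run_bounded "$budget" "$prog" "$f" >/dev/null 2>&1; then
      :
    else
      echo "FAIL: $f" >&2
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Example invocation (assumed paths, as in the report):
#   run_bounded 5 ./report /tmp/report/41331.svg
#   check_svg_dir 5 ./report /tmp/report
```

With the 6.2.0 build the first call is killed after 5 s and returns 1; with the 6.1.3 build, where the file is rejected in about a second, it returns 0, so the same line works as a CI regression test once the fix is in. Pick the budget from the fast-path timing, not the slow one: a generous multiple of the 1 s observed above still flags an 18 s run.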
Attachments
Issue Links
resulted in: QTBUG-107670 [REG 6.2.2 -> 6.2.3] Integer overflow in gui/painting when drawing svg image
Reported