From a04b35c84461b3e44698b6a12c9cfc229b382f96 Mon Sep 17 00:00:00 2001
From: Than Ngo
Date: Tue, 18 Jan 2022 17:50:31 +0100
Subject: [PATCH] rebased the patch
---
 ...ror-checking-when-parsing-path-nodes.patch | 69 ++++++-------------
 1 file changed, 22 insertions(+), 47 deletions(-)
diff --git a/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch b/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
index 06eba66..1b365b7 100644
--- a/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
+++ b/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
@@ -1,38 +1,15 @@ -From 36cfd9efb9b22b891adee9c48d30202289cfa620 Mon Sep 17 00:00:00 2001 -From: Eirik Aavitsland -Date: Mon, 25 Oct 2021 14:17:55 +0200 -Subject: [PATCH] Do stricter error checking when parsing path nodes -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -The SVG spec mandates that path parsing should terminate on the first -error encountered, and an error be reported. To improve the handling -of corrupt files, implement such error handling, and also limit the -number of QPainterPath elements to a reasonable range. - -Fixes: QTBUG-96044 -Pick-to: 6.2 5.15 5.12 -Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891 -Reviewed-by: Allan Sandfeld Jensen -Reviewed-by: Robert Löhning ---- - src/svg/qsvghandler.cpp | 59 +++++++++++++++++++++---------------------------- - 1 file changed, 25 insertions(+), 34 deletions(-) - -diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp -index db29211e..dd869ff7 100644 ---- a/src/svg/qsvghandler.cpp -+++ b/src/svg/qsvghandler.cpp -@@ -1595,6 +1595,7 @@ static void pathArc(QPainterPath &path, +diff -up qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp +--- qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig 2022-01-18 17:48:18.619191388 +0100 ++++ qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp 2022-01-18 17:48:28.755246206 +0100 +@@ -1615,6 +1615,7 @@ static void pathArc(QPainterPath &path, - static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) + static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) { + const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this qreal x0 = 0, y0 = 0; // starting point qreal x = 0, y = 0; // current point char lastMode = 0; -@@ -1602,7 +1603,8 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1622,7 +1623,8 @@ static bool parsePathDataFast(const QStr const QChar 
*str = dataStr.constData(); const QChar *end = str + dataStr.size(); @@ -42,7 +19,7 @@ index db29211e..dd869ff7 100644 while (str->isSpace() && (str + 1) != end) ++str; QChar pathElem = *str; -@@ -1619,14 +1621,13 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1636,14 +1638,13 @@ static bool parsePathDataFast(const QStr arg.append(0);//dummy const qreal *num = arg.constData(); int count = arg.count(); @@ -59,7 +36,7 @@ index db29211e..dd869ff7 100644 break; } x = x0 = num[0] + offsetX; -@@ -1643,8 +1644,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1660,8 +1661,7 @@ static bool parsePathDataFast(const QStr break; case 'M': { if (count < 2) { @@ -69,7 +46,7 @@ index db29211e..dd869ff7 100644 break; } x = x0 = num[0]; -@@ -1670,8 +1670,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1687,8 +1687,7 @@ static bool parsePathDataFast(const QStr break; case 'l': { if (count < 2) { @@ -79,7 +56,7 @@ index db29211e..dd869ff7 100644 break; } x = num[0] + offsetX; -@@ -1684,8 +1683,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1701,8 +1700,7 @@ static bool parsePathDataFast(const QStr break; case 'L': { if (count < 2) { @@ -89,7 +66,7 @@ index db29211e..dd869ff7 100644 break; } x = num[0]; -@@ -1725,8 +1723,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1742,8 +1740,7 @@ static bool parsePathDataFast(const QStr break; case 'c': { if (count < 6) { @@ -99,7 +76,7 @@ index db29211e..dd869ff7 100644 break; } QPointF c1(num[0] + offsetX, num[1] + offsetY); -@@ -1742,8 +1739,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1759,8 +1756,7 @@ static bool parsePathDataFast(const QStr } case 'C': { if (count < 6) { 
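Review bot: The first hunk (`@@ -1,38 +1,15 @@`) drops the whole upstream provenance header from the carried patch: the original commit id, the `Fixes: QTBUG-96044` trailer, and the message explaining that path parsing must stop at the first error and that the QPainterPath element count is capped. The rebased file now opens directly at the `diff -up` line. For a hardening backport that deals with corrupt SVG input, this leaves nothing in the package to trace the fix back to upstream or to check later whether an upstream follow-up also needs picking. Text before the first `diff` line is ignored by patch(1), so a short header can be kept, for example `Upstream: qtsvg commit 36cfd9efb9b22b891adee9c48d30202289cfa620 (Fixes: QTBUG-96044); rebased onto 5.15.2, QStringView -> const QStringRef &`. The remaining hunks appear to change only the inner `@@` offsets and section headings, so this note is raised once here.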
@@ -109,7 +86,7 @@ index db29211e..dd869ff7 100644 break; } QPointF c1(num[0], num[1]); -@@ -1759,8 +1755,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1776,8 +1772,7 @@ static bool parsePathDataFast(const QStr } case 's': { if (count < 4) { @@ -119,7 +96,7 @@ index db29211e..dd869ff7 100644 break; } QPointF c1; -@@ -1781,8 +1776,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1798,8 +1793,7 @@ static bool parsePathDataFast(const QStr } case 'S': { if (count < 4) { @@ -129,7 +106,7 @@ index db29211e..dd869ff7 100644 break; } QPointF c1; -@@ -1803,8 +1797,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1820,8 +1814,7 @@ static bool parsePathDataFast(const QStr } case 'q': { if (count < 4) { @@ -139,7 +116,7 @@ index db29211e..dd869ff7 100644 break; } QPointF c(num[0] + offsetX, num[1] + offsetY); -@@ -1819,8 +1812,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1836,8 +1829,7 @@ static bool parsePathDataFast(const QStr } case 'Q': { if (count < 4) { @@ -149,7 +126,7 @@ index db29211e..dd869ff7 100644 break; } QPointF c(num[0], num[1]); -@@ -1835,8 +1827,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1852,8 +1844,7 @@ static bool parsePathDataFast(const QStr } case 't': { if (count < 2) { @@ -159,7 +136,7 @@ index db29211e..dd869ff7 100644 break; } QPointF e(num[0] + offsetX, num[1] + offsetY); -@@ -1856,8 +1847,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1873,8 +1864,7 @@ static bool parsePathDataFast(const QStr } case 'T': { if (count < 2) { @@ -169,7 +146,7 @@ index db29211e..dd869ff7 100644 break; } QPointF e(num[0], num[1]); -@@ -1877,8 +1867,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1894,8 +1884,7 @@ static bool parsePathDataFast(const QStr } case 'a': { if (count < 7) { 
@@ -179,7 +156,7 @@ index db29211e..dd869ff7 100644 break; } qreal rx = (*num++); -@@ -1900,8 +1889,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1917,8 +1906,7 @@ static bool parsePathDataFast(const QStr break; case 'A': { if (count < 7) { @@ -189,7 +166,7 @@ index db29211e..dd869ff7 100644 break; } qreal rx = (*num++); -@@ -1922,12 +1910,15 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) +@@ -1939,12 +1927,15 @@ static bool parsePathDataFast(const QStr } break; default: @@ -207,7 +184,7 @@ index db29211e..dd869ff7 100644 } static bool parseStyle(QSvgNode *node, -@@ -2985,8 +2976,8 @@ static QSvgNode *createPathNode(QSvgNode *parent, +@@ -2980,8 +2971,8 @@ static QSvgNode *createPathNode(QSvgNode QPainterPath qpath; qpath.setFillRule(Qt::WindingFill); @@ -218,5 +195,3 @@ index db29211e..dd869ff7 100644 QSvgNode *path = new QSvgPath(parent, qpath); return path; --- -2.16.3