rebased the patch
This commit is contained in:
Than Ngo
parent
e74b5faafc
commit
a04b35c844
@ -1,38 +1,15 @@
|
|||||||
From 36cfd9efb9b22b891adee9c48d30202289cfa620 Mon Sep 17 00:00:00 2001
|
diff -up qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp
|
||||||
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
|
--- qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig 2022-01-18 17:48:18.619191388 +0100
|
||||||
Date: Mon, 25 Oct 2021 14:17:55 +0200
|
+++ qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp 2022-01-18 17:48:28.755246206 +0100
|
||||||
Subject: [PATCH] Do stricter error checking when parsing path nodes
|
@@ -1615,6 +1615,7 @@ static void pathArc(QPainterPath &path,
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=utf8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The SVG spec mandates that path parsing should terminate on the first
|
static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
|
||||||
error encountered, and an error be reported. To improve the handling
|
|
||||||
of corrupt files, implement such error handling, and also limit the
|
|
||||||
number of QPainterPath elements to a reasonable range.
|
|
||||||
|
|
||||||
Fixes: QTBUG-96044
|
|
||||||
Pick-to: 6.2 5.15 5.12
|
|
||||||
Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891
|
|
||||||
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
||||||
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
|
|
||||||
---
|
|
||||||
src/svg/qsvghandler.cpp | 59 +++++++++++++++++++++----------------------------
|
|
||||||
1 file changed, 25 insertions(+), 34 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
|
|
||||||
index db29211e..dd869ff7 100644
|
|
||||||
--- a/src/svg/qsvghandler.cpp
|
|
||||||
+++ b/src/svg/qsvghandler.cpp
|
|
||||||
@@ -1595,6 +1595,7 @@ static void pathArc(QPainterPath &path,
|
|
||||||
|
|
||||||
static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
|
||||||
{
|
{
|
||||||
+ const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this
|
+ const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this
|
||||||
qreal x0 = 0, y0 = 0; // starting point
|
qreal x0 = 0, y0 = 0; // starting point
|
||||||
qreal x = 0, y = 0; // current point
|
qreal x = 0, y = 0; // current point
|
||||||
char lastMode = 0;
|
char lastMode = 0;
|
||||||
@@ -1602,7 +1603,8 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1622,7 +1623,8 @@ static bool parsePathDataFast(const QStr
|
||||||
const QChar *str = dataStr.constData();
|
const QChar *str = dataStr.constData();
|
||||||
const QChar *end = str + dataStr.size();
|
const QChar *end = str + dataStr.size();
|
||||||
|
|
||||||
@ -42,7 +19,7 @@ index db29211e..dd869ff7 100644
|
|||||||
while (str->isSpace() && (str + 1) != end)
|
while (str->isSpace() && (str + 1) != end)
|
||||||
++str;
|
++str;
|
||||||
QChar pathElem = *str;
|
QChar pathElem = *str;
|
||||||
@@ -1619,14 +1621,13 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1636,14 +1638,13 @@ static bool parsePathDataFast(const QStr
|
||||||
arg.append(0);//dummy
|
arg.append(0);//dummy
|
||||||
const qreal *num = arg.constData();
|
const qreal *num = arg.constData();
|
||||||
int count = arg.count();
|
int count = arg.count();
|
||||||
@ -59,7 +36,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
x = x0 = num[0] + offsetX;
|
x = x0 = num[0] + offsetX;
|
||||||
@@ -1643,8 +1644,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1660,8 +1661,7 @@ static bool parsePathDataFast(const QStr
|
||||||
break;
|
break;
|
||||||
case 'M': {
|
case 'M': {
|
||||||
if (count < 2) {
|
if (count < 2) {
|
||||||
@ -69,7 +46,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
x = x0 = num[0];
|
x = x0 = num[0];
|
||||||
@@ -1670,8 +1670,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1687,8 +1687,7 @@ static bool parsePathDataFast(const QStr
|
||||||
break;
|
break;
|
||||||
case 'l': {
|
case 'l': {
|
||||||
if (count < 2) {
|
if (count < 2) {
|
||||||
@ -79,7 +56,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
x = num[0] + offsetX;
|
x = num[0] + offsetX;
|
||||||
@@ -1684,8 +1683,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1701,8 +1700,7 @@ static bool parsePathDataFast(const QStr
|
||||||
break;
|
break;
|
||||||
case 'L': {
|
case 'L': {
|
||||||
if (count < 2) {
|
if (count < 2) {
|
||||||
@ -89,7 +66,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
x = num[0];
|
x = num[0];
|
||||||
@@ -1725,8 +1723,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1742,8 +1740,7 @@ static bool parsePathDataFast(const QStr
|
||||||
break;
|
break;
|
||||||
case 'c': {
|
case 'c': {
|
||||||
if (count < 6) {
|
if (count < 6) {
|
||||||
@ -99,7 +76,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF c1(num[0] + offsetX, num[1] + offsetY);
|
QPointF c1(num[0] + offsetX, num[1] + offsetY);
|
||||||
@@ -1742,8 +1739,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1759,8 +1756,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 'C': {
|
case 'C': {
|
||||||
if (count < 6) {
|
if (count < 6) {
|
||||||
@ -109,7 +86,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF c1(num[0], num[1]);
|
QPointF c1(num[0], num[1]);
|
||||||
@@ -1759,8 +1755,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1776,8 +1772,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 's': {
|
case 's': {
|
||||||
if (count < 4) {
|
if (count < 4) {
|
||||||
@ -119,7 +96,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF c1;
|
QPointF c1;
|
||||||
@@ -1781,8 +1776,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1798,8 +1793,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 'S': {
|
case 'S': {
|
||||||
if (count < 4) {
|
if (count < 4) {
|
||||||
@ -129,7 +106,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF c1;
|
QPointF c1;
|
||||||
@@ -1803,8 +1797,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1820,8 +1814,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 'q': {
|
case 'q': {
|
||||||
if (count < 4) {
|
if (count < 4) {
|
||||||
@ -139,7 +116,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF c(num[0] + offsetX, num[1] + offsetY);
|
QPointF c(num[0] + offsetX, num[1] + offsetY);
|
||||||
@@ -1819,8 +1812,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1836,8 +1829,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 'Q': {
|
case 'Q': {
|
||||||
if (count < 4) {
|
if (count < 4) {
|
||||||
@ -149,7 +126,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF c(num[0], num[1]);
|
QPointF c(num[0], num[1]);
|
||||||
@@ -1835,8 +1827,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1852,8 +1844,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 't': {
|
case 't': {
|
||||||
if (count < 2) {
|
if (count < 2) {
|
||||||
@ -159,7 +136,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF e(num[0] + offsetX, num[1] + offsetY);
|
QPointF e(num[0] + offsetX, num[1] + offsetY);
|
||||||
@@ -1856,8 +1847,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1873,8 +1864,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 'T': {
|
case 'T': {
|
||||||
if (count < 2) {
|
if (count < 2) {
|
||||||
@ -169,7 +146,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
QPointF e(num[0], num[1]);
|
QPointF e(num[0], num[1]);
|
||||||
@@ -1877,8 +1867,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1894,8 +1884,7 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
case 'a': {
|
case 'a': {
|
||||||
if (count < 7) {
|
if (count < 7) {
|
||||||
@ -179,7 +156,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
qreal rx = (*num++);
|
qreal rx = (*num++);
|
||||||
@@ -1900,8 +1889,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1917,8 +1906,7 @@ static bool parsePathDataFast(const QStr
|
||||||
break;
|
break;
|
||||||
case 'A': {
|
case 'A': {
|
||||||
if (count < 7) {
|
if (count < 7) {
|
||||||
@ -189,7 +166,7 @@ index db29211e..dd869ff7 100644
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
qreal rx = (*num++);
|
qreal rx = (*num++);
|
||||||
@@ -1922,12 +1910,15 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path)
|
@@ -1939,12 +1927,15 @@ static bool parsePathDataFast(const QStr
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@ -207,7 +184,7 @@ index db29211e..dd869ff7 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool parseStyle(QSvgNode *node,
|
static bool parseStyle(QSvgNode *node,
|
||||||
@@ -2985,8 +2976,8 @@ static QSvgNode *createPathNode(QSvgNode *parent,
|
@@ -2980,8 +2971,8 @@ static QSvgNode *createPathNode(QSvgNode
|
||||||
|
|
||||||
QPainterPath qpath;
|
QPainterPath qpath;
|
||||||
qpath.setFillRule(Qt::WindingFill);
|
qpath.setFillRule(Qt::WindingFill);
|
||||||
@ -218,5 +195,3 @@ index db29211e..dd869ff7 100644
|
|||||||
|
|
||||||
QSvgNode *path = new QSvgPath(parent, qpath);
|
QSvgNode *path = new QSvgPath(parent, qpath);
|
||||||
return path;
|
return path;
|
||||||
--
|
|
||||||
2.16.3
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user