rebased the patch

Than Ngo 2022-01-18 17:50:31 +01:00
parent e74b5faafc
commit a04b35c844


@ -1,38 +1,15 @@
From 36cfd9efb9b22b891adee9c48d30202289cfa620 Mon Sep 17 00:00:00 2001 diff -up qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp
From: Eirik Aavitsland <eirik.aavitsland@qt.io> --- qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig 2022-01-18 17:48:18.619191388 +0100
Date: Mon, 25 Oct 2021 14:17:55 +0200 +++ qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp 2022-01-18 17:48:28.755246206 +0100
Subject: [PATCH] Do stricter error checking when parsing path nodes @@ -1615,6 +1615,7 @@ static void pathArc(QPainterPath &path,
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The SVG spec mandates that path parsing should terminate on the first
error encountered, and an error be reported. To improve the handling
of corrupt files, implement such error handling, and also limit the
number of QPainterPath elements to a reasonable range.
Fixes: QTBUG-96044
Pick-to: 6.2 5.15 5.12
Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
---
src/svg/qsvghandler.cpp | 59 +++++++++++++++++++++----------------------------
1 file changed, 25 insertions(+), 34 deletions(-)
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index db29211e..dd869ff7 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -1595,6 +1595,7 @@ static void pathArc(QPainterPath &path,
static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
{ {
+ const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this + const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this
qreal x0 = 0, y0 = 0; // starting point qreal x0 = 0, y0 = 0; // starting point
qreal x = 0, y = 0; // current point qreal x = 0, y = 0; // current point
char lastMode = 0; char lastMode = 0;
@@ -1602,7 +1603,8 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1622,7 +1623,8 @@ static bool parsePathDataFast(const QStr
const QChar *str = dataStr.constData(); const QChar *str = dataStr.constData();
const QChar *end = str + dataStr.size(); const QChar *end = str + dataStr.size();
@ -42,7 +19,7 @@ index db29211e..dd869ff7 100644
while (str->isSpace() && (str + 1) != end) while (str->isSpace() && (str + 1) != end)
++str; ++str;
QChar pathElem = *str; QChar pathElem = *str;
@@ -1619,14 +1621,13 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1636,14 +1638,13 @@ static bool parsePathDataFast(const QStr
arg.append(0);//dummy arg.append(0);//dummy
const qreal *num = arg.constData(); const qreal *num = arg.constData();
int count = arg.count(); int count = arg.count();
@ -59,7 +36,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
x = x0 = num[0] + offsetX; x = x0 = num[0] + offsetX;
@@ -1643,8 +1644,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1660,8 +1661,7 @@ static bool parsePathDataFast(const QStr
break; break;
case 'M': { case 'M': {
if (count < 2) { if (count < 2) {
@ -69,7 +46,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
x = x0 = num[0]; x = x0 = num[0];
@@ -1670,8 +1670,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1687,8 +1687,7 @@ static bool parsePathDataFast(const QStr
break; break;
case 'l': { case 'l': {
if (count < 2) { if (count < 2) {
@ -79,7 +56,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
x = num[0] + offsetX; x = num[0] + offsetX;
@@ -1684,8 +1683,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1701,8 +1700,7 @@ static bool parsePathDataFast(const QStr
break; break;
case 'L': { case 'L': {
if (count < 2) { if (count < 2) {
@ -89,7 +66,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
x = num[0]; x = num[0];
@@ -1725,8 +1723,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1742,8 +1740,7 @@ static bool parsePathDataFast(const QStr
break; break;
case 'c': { case 'c': {
if (count < 6) { if (count < 6) {
@ -99,7 +76,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF c1(num[0] + offsetX, num[1] + offsetY); QPointF c1(num[0] + offsetX, num[1] + offsetY);
@@ -1742,8 +1739,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1759,8 +1756,7 @@ static bool parsePathDataFast(const QStr
} }
case 'C': { case 'C': {
if (count < 6) { if (count < 6) {
@ -109,7 +86,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF c1(num[0], num[1]); QPointF c1(num[0], num[1]);
@@ -1759,8 +1755,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1776,8 +1772,7 @@ static bool parsePathDataFast(const QStr
} }
case 's': { case 's': {
if (count < 4) { if (count < 4) {
@ -119,7 +96,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF c1; QPointF c1;
@@ -1781,8 +1776,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1798,8 +1793,7 @@ static bool parsePathDataFast(const QStr
} }
case 'S': { case 'S': {
if (count < 4) { if (count < 4) {
@ -129,7 +106,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF c1; QPointF c1;
@@ -1803,8 +1797,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1820,8 +1814,7 @@ static bool parsePathDataFast(const QStr
} }
case 'q': { case 'q': {
if (count < 4) { if (count < 4) {
@ -139,7 +116,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF c(num[0] + offsetX, num[1] + offsetY); QPointF c(num[0] + offsetX, num[1] + offsetY);
@@ -1819,8 +1812,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1836,8 +1829,7 @@ static bool parsePathDataFast(const QStr
} }
case 'Q': { case 'Q': {
if (count < 4) { if (count < 4) {
@ -149,7 +126,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF c(num[0], num[1]); QPointF c(num[0], num[1]);
@@ -1835,8 +1827,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1852,8 +1844,7 @@ static bool parsePathDataFast(const QStr
} }
case 't': { case 't': {
if (count < 2) { if (count < 2) {
@ -159,7 +136,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF e(num[0] + offsetX, num[1] + offsetY); QPointF e(num[0] + offsetX, num[1] + offsetY);
@@ -1856,8 +1847,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1873,8 +1864,7 @@ static bool parsePathDataFast(const QStr
} }
case 'T': { case 'T': {
if (count < 2) { if (count < 2) {
@ -169,7 +146,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
QPointF e(num[0], num[1]); QPointF e(num[0], num[1]);
@@ -1877,8 +1867,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1894,8 +1884,7 @@ static bool parsePathDataFast(const QStr
} }
case 'a': { case 'a': {
if (count < 7) { if (count < 7) {
@ -179,7 +156,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
qreal rx = (*num++); qreal rx = (*num++);
@@ -1900,8 +1889,7 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1917,8 +1906,7 @@ static bool parsePathDataFast(const QStr
break; break;
case 'A': { case 'A': {
if (count < 7) { if (count < 7) {
@ -189,7 +166,7 @@ index db29211e..dd869ff7 100644
break; break;
} }
qreal rx = (*num++); qreal rx = (*num++);
@@ -1922,12 +1910,15 @@ static bool parsePathDataFast(QStringView dataStr, QPainterPath &path) @@ -1939,12 +1927,15 @@ static bool parsePathDataFast(const QStr
} }
break; break;
default: default:
@ -207,7 +184,7 @@ index db29211e..dd869ff7 100644
} }
static bool parseStyle(QSvgNode *node, static bool parseStyle(QSvgNode *node,
@@ -2985,8 +2976,8 @@ static QSvgNode *createPathNode(QSvgNode *parent, @@ -2980,8 +2971,8 @@ static QSvgNode *createPathNode(QSvgNode
QPainterPath qpath; QPainterPath qpath;
qpath.setFillRule(Qt::WindingFill); qpath.setFillRule(Qt::WindingFill);
@ -218,5 +195,3 @@ index db29211e..dd869ff7 100644
QSvgNode *path = new QSvgPath(parent, qpath); QSvgNode *path = new QSvgPath(parent, qpath);
return path; return path;
--
2.16.3
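Review bot: The rebased patch file appears to lose its upstream provenance. The old side opens with `From 36cfd9efb9b22b891adee9c48d30202289cfa620`, `Subject: [PATCH] Do stricter error checking when parsing path nodes` and `Fixes: QTBUG-96044`, while the new side seems to start directly at `diff -up qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig`, and the first hunk shrinks from 38 lines to 15. Since this patch hardens the parsing of corrupt SVG path data, I would keep a short free-text preamble above the first `diff` line, for example `Backport of upstream qtsvg commit 36cfd9efb9b22b891adee9c48d30202289cfa620 (QTBUG-96044), rebased for 5.15.2 (QStringView -> const QStringRef &)`. That lets a later audit confirm which upstream fix the package carries and whether it is complete. The page renders old and new side by side with the `+`/`-` markers lost, so this is inferred from the hunk counts and the fused header lines and is worth checking against the file itself.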