Don't crash QML image on bad source
parent
b80565c9f4
commit
aa3df7d95b
@ -11,7 +11,7 @@
|
||||
Summary: Qt6 - Support for rendering and displaying SVG
|
||||
Name: qt6-%{qt_module}
|
||||
Version: 6.6.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
|
||||
Url: http://www.qt.io
|
||||
@ -24,6 +24,12 @@ Source0: https://download.qt.io/development_releases/qt/%{majmin}/%{qt_version}/
|
||||
Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz
|
||||
%endif
|
||||
|
||||
# QTBUG-117944
|
||||
# QML Image bad source crashes application instead of error status (QSvgHandler::parse)
|
||||
Patch0: qtsvg-fix-nullptr-dereference-with-invalid-svg.patch
|
||||
Patch1: qtsvg-make-sure-we-dont-load-invalid-svg-twice.patch
|
||||
Patch2: qtsvg-verify-loading-of-invalid-svg-files-dont-crash.patch
|
||||
|
||||
# filter plugin provides
|
||||
%global __provides_exclude_from ^%{_qt6_plugindir}/.*\\.so$
|
||||
|
||||
@ -114,6 +120,9 @@ popd
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 18 2023 Jan Grulich <jgrulich@redhat.com> - 6.6.0-3
|
||||
- Don't crash QML image on bad source
|
||||
|
||||
* Tue Oct 17 2023 Jan Grulich <jgrulich@redhat.com> - 6.6.0-2
|
||||
- Re-enable examples
|
||||
|
||||
|
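--- /dev/null
+++ b/qtsvg-fix-nullptr-dereference-with-invalid-svg.patch
@@ -0,0 +1,26 @@
+From effc44495a33babd4cf7a2044123f420e6b3da1c Mon Sep 17 00:00:00 2001
+From: Paul Olav Tvete <paul.tvete@qt.io>
+Date: Tue, 10 Oct 2023 10:14:22 +0200
+Subject: [PATCH] Fix nullptr dereference with invalid SVG
+
+Fixes: QTBUG-117944
+Pick-to: 6.5 6.2
+Change-Id: I9059dc28c750fc0585f1fb982152b211c323c6cd
+Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
+(cherry picked from commit edc8ca7f1e45302223b4b7962a57a30918f84c8d)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+
+diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
+index 2649422..335500a 100644
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -3606,6 +3606,8 @@
+
+static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
+{
++ if (Q_UNLIKELY(!node))
++ return false;
+switch (node->type()) {
+case QSvgNode::DOC:
+case QSvgNode::G: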
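Review bot: The new guard at the top of `detectCycles()` makes a null root read as "no cycle found", which is the same answer a well-formed acyclic document gets, so the function no longer tells the two apart. That is safe only if the caller separately turns a missing document into a load error; the call site is outside this hunk and should be confirmed there, since SVG data frequently comes from untrusted sources and a silent success on a null document would only move the dereference elsewhere. I would document the contract on the guard, e.g. `// No document was produced (invalid input): nothing to traverse; the caller reports the failure.` The body of `detectCycles()` continues past the end of the hunk.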
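--- /dev/null
+++ b/qtsvg-make-sure-we-dont-load-invalid-svg-twice.patch
@@ -0,0 +1,76 @@
+From 0bfb420574f192a097c7ab3dbdd452b39464dc84 Mon Sep 17 00:00:00 2001
+From: Paul Olav Tvete <paul.tvete@qt.io>
+Date: Tue, 10 Oct 2023 11:41:41 +0200
+Subject: [PATCH] Make sure we don't load invalid SVGs twice
+
+Fixes a bug where loading an invalid SVG that happens
+to be valid XML could behave differently in QML and C++,
+because readimage() in qquickpixmapcache.cpp calls
+QImageReader::size() twice.
+
+Task-number: QTBUG-117944
+Pick-to: 6.5
+Change-Id: Ibef7f54627c76414c66f81804f5f46f2db3594ba
+Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
+Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
+(cherry picked from commit a090bd1f9a7bfa14f06b14570c6a5a37843931c6)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+
+diff --git a/src/plugins/imageformats/svg/qsvgiohandler.cpp b/src/plugins/imageformats/svg/qsvgiohandler.cpp
+index b04ee6b..570c982 100644
+--- a/src/plugins/imageformats/svg/qsvgiohandler.cpp
++++ b/src/plugins/imageformats/svg/qsvgiohandler.cpp
+@@ -19,7 +19,7 @@
+{
+public:
+QSvgIOHandlerPrivate(QSvgIOHandler *qq)
+- : q(qq), loaded(false), readDone(false), backColor(Qt::transparent)
++ : q(qq), loadAttempted(false), loadStatus(false), readDone(false), backColor(Qt::transparent)
+{}
+
+bool load(QIODevice *device);
+@@ -31,7 +31,8 @@
+QRect clipRect;
+QSize scaledSize;
+QRect scaledClipRect;
+- bool loaded;
++ bool loadAttempted;
++ bool loadStatus;
+bool readDone;
+QColor backColor;
+};
+@@ -39,8 +40,9 @@
+
+bool QSvgIOHandlerPrivate::load(QIODevice *device)
+{
+- if (loaded)
+- return true;
++ if (loadAttempted)
++ return loadStatus;
++ loadAttempted = true;
+if (q->format().isEmpty())
+q->canRead();
+
+@@ -63,10 +65,10 @@
+
+if (res) {
+defaultSize = r.defaultSize();
+- loaded = true;
++ loadStatus = true;
+}
+
+- return loaded;
++ return loadStatus;
+}
+
+
+@@ -105,7 +107,7 @@
+{
+if (!device())
+return false;
+- if (d->loaded && !d->readDone)
++ if (d->loadStatus && !d->readDone)
+return true; // Will happen if we have been asked for the size
+
+bool isCompressed = false;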
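Review bot: `QSvgIOHandlerPrivate::load()` now caches a failed attempt for the lifetime of the private object, and nothing in the visible hunks ever clears `loadAttempted`. If the handler is later given a different device (that path is not shown here), it would keep returning the stale `loadStatus` without parsing the new data; the old `loaded` flag was equally sticky for successes, so this is not a regression, but it now applies to failures as well. The two flags encode three states, with `loadStatus` meaningful only once `loadAttempted` is set, and `canRead()` in the last hunk reads `loadStatus` alone. A comment on the members such as `// loadStatus is valid only when loadAttempted is true; both are set once per handler and never reset` would make that invariant explicit. Both `load()` and `canRead()` extend beyond the hunks shown.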
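--- /dev/null
+++ b/qtsvg-verify-loading-of-invalid-svg-files-dont-crash.patch
@@ -0,0 +1,115 @@
+From f12f893931603bb6561149d813ca88b86e169ffd Mon Sep 17 00:00:00 2001
+From: Paul Olav Tvete <paul.tvete@qt.io>
+Date: Tue, 10 Oct 2023 14:25:19 +0200
+Subject: [PATCH] Verify that loading of invalid SVG files don't crash
+
+Also verify that we don't try to load invalid SVGs
+twice.
+
+Pick-to: 6.5
+Task-number: QTBUG-117944
+Change-Id: If3938384940112510d64a675f58c1e4e97e74986
+Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
+(cherry picked from commit 7eb8f63915a470b89b96eb274252543a22e774a7)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+
+diff --git a/tests/auto/qsvgplugin/CMakeLists.txt b/tests/auto/qsvgplugin/CMakeLists.txt
+index e678708..c913cd3 100644
+--- a/tests/auto/qsvgplugin/CMakeLists.txt
++++ b/tests/auto/qsvgplugin/CMakeLists.txt
+@@ -37,6 +37,9 @@
+"simple_Utf16BE.svg"
+"simple_Utf32LE.svg"
+"simple_Utf32BE.svg"
++ "invalid_xml.svg"
++ "xml_not_svg.svg"
++ "invalid_then_valid.svg"
+)
+
+qt_internal_add_resource(tst_qsvgplugin "resources"
+diff --git a/tests/auto/qsvgplugin/invalid_then_valid.svg b/tests/auto/qsvgplugin/invalid_then_valid.svg
+new file mode 100644
+index 0000000..d09f598
+--- /dev/null
++++ b/tests/auto/qsvgplugin/invalid_then_valid.svg
+@@ -0,0 +1,18 @@
++<!-- html-header type=current begin -->
++
++ <!DOCTYPE html>
++
++ <html lang="en">
++ <head>
++ <!-- Render IE9 -->
++ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
++ </head>
++
++<body class="anon comments ">
++
++</body></html>
++<?xml version="1.0" encoding="UTF-8" standalone="no"?>
++<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
++<svg version="1.0" xmlns="http://www.w3.org/2000/svg">
++ <circle cx="50" cy="50" r="25" fill="#00ff00" />
++</svg>
+diff --git a/tests/auto/qsvgplugin/invalid_xml.svg b/tests/auto/qsvgplugin/invalid_xml.svg
+new file mode 100644
+index 0000000..e0814ae
+--- /dev/null
++++ b/tests/auto/qsvgplugin/invalid_xml.svg
+@@ -0,0 +1,2 @@
++<!--abcd
++
+diff --git a/tests/auto/qsvgplugin/tst_qsvgplugin.cpp b/tests/auto/qsvgplugin/tst_qsvgplugin.cpp
+index 8bb401d..762d373 100644
+--- a/tests/auto/qsvgplugin/tst_qsvgplugin.cpp
++++ b/tests/auto/qsvgplugin/tst_qsvgplugin.cpp
+@@ -67,6 +67,9 @@
+QTest::newRow("wide_size") << QFINDTESTDATA("wide_size.svg") << 100 << 200;
+QTest::newRow("wide_size_viewbox") << QFINDTESTDATA("wide_size_viewbox.svg") << 100 << 200;
+QTest::newRow("wide_viewbox") << QFINDTESTDATA("wide_viewbox.svg") << 50 << 100;
++ QTest::newRow("invalid_xml") << QFINDTESTDATA("invalid_xml.svg") << 0 << 0;
++ QTest::newRow("xml_not_svg") << QFINDTESTDATA("xml_not_svg.svg") << 0 << 0;
++ QTest::newRow("invalid_then_valid") << QFINDTESTDATA("invalid_then_valid.svg") << 0 << 0;
+}
+
+void tst_QSvgPlugin::checkSize()
+@@ -84,10 +87,19 @@
+QImage image;
+plugin.read(&image);
+
++ // Check that plugin survives double load
++ QVariant sizeVariant = plugin.option(QImageIOHandler::Size);
++
+file.close();
+
+QCOMPARE(imageHeight, image.height());
+QCOMPARE(imageWidth, image.width());
++
++ QSize size = qvariant_cast<QSize>(sizeVariant);
++ if (size.isEmpty())
++ size = QSize(0, 0); // don't distinguish between null and invalid QSize
++ QCOMPARE(size.width(), imageWidth);
++ QCOMPARE(size.height(), imageHeight);
+}
+
+void tst_QSvgPlugin::checkImageInclude()
+diff --git a/tests/auto/qsvgplugin/xml_not_svg.svg b/tests/auto/qsvgplugin/xml_not_svg.svg
+new file mode 100644
+index 0000000..ccefc72
+--- /dev/null
++++ b/tests/auto/qsvgplugin/xml_not_svg.svg
+@@ -0,0 +1,13 @@
++<!-- html-header type=current begin -->
++
++ <!DOCTYPE html>
++
++ <html lang="en">
++ <head>
++ <!-- Render IE9 -->
++ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
++ </head>
++
++<body class="anon comments ">
++
++</body></html>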
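Review bot: In `tst_QSvgPlugin::checkSize()` the result of `plugin.read(&image);` is still discarded, so for the three new invalid rows the test passes as long as the image stays 0x0, whether or not the handler actually reported the failure. Since the fix is about returning an error status instead of crashing, I would capture it with `const bool readOk = plugin.read(&image);` and assert it against the expected size with `QCOMPARE(readOk, imageWidth > 0 && imageHeight > 0);`. That assumes every valid row has a non-zero size, which holds for the rows visible in the hunk. The start of `checkSize()` lies outside the hunk.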