File 0007-Don-t-divide-by-zero.patch of Package libqt5-qtsvg.29651
From 5030a07eaaafdf86c1d563e0797e2c9369904a66 Mon Sep 17 00:00:00 2001
From: Volker Hilsheimer <volker.hilsheimer@qt.io>
Date: Thu, 9 Jul 2020 10:36:26 +0200
Subject: [PATCH 07/21] Don't divide by zero
Fixes: oss-fuzz-23731
Change-Id: Ib21a32a30f7a204d263e6710f17567d91c6aae79
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit a7941a5b82e1b8397e9d5f20e5a68c8aac37fb51)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 9521e3a8fe68112572ea03750f90bf7ebc9c4da2)
---
src/svg/qsvghandler.cpp | 3 +++
tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index ab5f9ef..8f5ff0c 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -1529,6 +1529,9 @@ static void pathArc(QPainterPath &path,
qreal y,
qreal curx, qreal cury)
{
+ if (!rx || !ry)
+ return;
+
qreal sin_th, cos_th;
qreal a00, a01, a10, a11;
qreal x0, y0, x1, y1, xc, yc;
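Review bot: The guard at the top of pathArc rejects only radii that compare exactly equal to zero, so a NaN or infinite `rx`/`ry` still reaches the arithmetic below; whether the path-data number parser can produce such values is not visible in this hunk. If it can, `if (!qIsFinite(rx) || !qIsFinite(ry) || !rx || !ry) return;` would cover all of those cases in one place. The early return also leaves `path` untouched, which drops the segment, whereas the SVG specification treats a zero-radius arc as a straight line to the endpoint; a one-line comment such as `// Degenerate radii: skip the arc instead of dividing by zero` would make the chosen behaviour explicit. The rest of pathArc lies outside the hunk, so any other divisors in it cannot be checked from here.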
diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
index 9ce5c78..efd80dd 100644
--- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
+++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
@@ -80,6 +80,7 @@ private slots:
void smallFont();
void styleSheet();
void duplicateStyleId();
+ void oss_fuzz_23731();
#ifndef QT_NO_COMPRESS
void testGzLoading();
@@ -1527,5 +1528,12 @@ void tst_QSvgRenderer::duplicateStyleId()
renderer.render(&painter);
}
+void tst_QSvgRenderer::oss_fuzz_23731()
+{
+ // when configured with "-sanitize undefined", this resulted in:
+ // "runtime error: division by zero"
+ QSvgRenderer().load(QByteArray("<svg><path d=\"A4------\">"));
+}
+
QTEST_MAIN(tst_QSvgRenderer)
#include "tst_qsvgrenderer.moc"
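Review bot: `oss_fuzz_23731()` contains no assertion and discards the result of `load()`, so it can only fail when the test binary is built with the undefined-behaviour sanitizer; in an ordinary build it passes whether or not the guard in pathArc is present. The existing comment mentions the sanitizer configuration but not that the test depends on it, so I would extend it with `// No QVERIFY: the input is malformed on purpose; this test is only meaningful in a sanitizer build.` It is also worth confirming that the sanitizer configuration actually runs in CI, otherwise a regression of this fuzz finding would go unnoticed.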
--
2.20.1