File 0013-Fix-check-against-division-by-zero.patch of Package libqt5-qtsvg.21342

From 331312867c4a1d90071c77f4a9c5d238d4330d34 Mon Sep 17 00:00:00 2001
From: Robert Loehning <robert.loehning@qt.io>
Date: Tue, 18 Aug 2020 14:41:01 +0200
Subject: [PATCH 13/21] Fix check against division by zero

The squared values must not be zero. Since both are qreal,
this can happen even when neither of them is zero itself.

Fixes: oss-fuzz-24738
Change-Id: I61b2bc891e7e3831d4b6ee68b467db28c4f877d4
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 7f1945c5fb492505db9a43853987eaf805291919)
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 26357baa20e363839587cce04fc4c91c101a3d3f)
---
 src/svg/qsvghandler.cpp                      |  9 +++++----
 tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 1a0d0f2..0190e69 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -1529,7 +1529,10 @@ static void pathArc(QPainterPath &path,
                     qreal               y,
                     qreal curx, qreal cury)
 {
-    if (!rx || !ry)
+    const qreal Pr1 = rx * rx;
+    const qreal Pr2 = ry * ry;
+
+    if (!Pr1 || !Pr2)
         return;
 
     qreal sin_th, cos_th;
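Review bot: The new guard `if (!Pr1 || !Pr2)` catches products that underflow to zero, but a NaN or infinite square still passes it, since `!Pr1` is false for both. rx and ry are parsed from SVG path data, which is untrusted when rendering foreign files, and the next hunk shows `int i, n_segs;` in the same function, so a non-finite intermediate could presumably still reach a float-to-int conversion later in the body. If the parser can deliver such values, consider `if (!qIsFinite(Pr1) || !qIsFinite(Pr2) || !Pr1 || !Pr2) return;` (assuming qnumeric is reachable from this file). A short comment above the check would also help, e.g. `// test the squares, not rx/ry: tiny non-zero radii underflow to 0 when squared, and the squares are the divisors used below`. pathArc's body continues outside the hunk, so the division itself is not visible here.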
@@ -1538,7 +1541,7 @@ static void pathArc(QPainterPath &path,
     qreal d, sfactor, sfactor_sq;
     qreal th0, th1, th_arc;
     int i, n_segs;
-    qreal dx, dy, dx1, dy1, Pr1, Pr2, Px, Py, check;
+    qreal dx, dy, dx1, dy1, Px, Py, check;
 
     rx = qAbs(rx);
     ry = qAbs(ry);
@@ -1550,8 +1553,6 @@ static void pathArc(QPainterPath &path,
     dy = (cury - y) / 2.0;
     dx1 =  cos_th * dx + sin_th * dy;
     dy1 = -sin_th * dx + cos_th * dy;
-    Pr1 = rx * rx;
-    Pr2 = ry * ry;
     Px = dx1 * dx1;
     Py = dy1 * dy1;
     /* Spec : check if radii are large enough */
diff --git a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
index 2acc06f..81c57f7 100644
--- a/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
+++ b/tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp
@@ -81,6 +81,8 @@ private slots:
     void styleSheet();
     void duplicateStyleId();
     void oss_fuzz_23731();
+    void oss_fuzz_24131();
+    void oss_fuzz_24738();
 
 #ifndef QT_NO_COMPRESS
     void testGzLoading();
@@ -1534,5 +1536,23 @@ void tst_QSvgRenderer::oss_fuzz_23731()
     QSvgRenderer().load(QByteArray("<svg><path d=\"A4------\">"));
 }
 
+void tst_QSvgRenderer::oss_fuzz_24131()
+{
+    // when configured with "-sanitize undefined", this resulted in:
+    // "runtime error: -nan is outside the range of representable values of type 'int'"
+    // runtime error: signed integer overflow: -2147483648 + -2147483648 cannot be represented in type 'int'
+    QImage image(377, 233, QImage::Format_RGB32);
+    QPainter painter(&image);
+    QSvgRenderer renderer(QByteArray("<svg><path d=\"M- 4 44044404444E-334-\"/></svg>"));
+    renderer.render(&painter);
+}
+
+void tst_QSvgRenderer::oss_fuzz_24738()
+{
+    // when configured with "-sanitize undefined", this resulted in:
+    // "runtime error: division by zero"
+    QSvgRenderer().load(QByteArray("<svg><path d=\"a 2 1e-212.....\">"));
+}
+
 QTEST_MAIN(tst_QSvgRenderer)
 #include "tst_qsvgrenderer.moc"
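Review bot: Neither new test asserts anything, so both `oss_fuzz_24131` and `oss_fuzz_24738` only detect a regression when the suite is built with `-sanitize undefined`; in a regular build a floating-point division by zero does not trap and the tests would most likely pass with or without the fix. I would state that in the test body, e.g. `// only meaningful in a UBSan build ("-sanitize undefined"); passes unconditionally otherwise`, and make sure a sanitizer configuration actually runs this suite. Separately, `oss_fuzz_24131` is added here although the commit message references only oss-fuzz-24738 and no change visibly tied to it appears in this patch; if its fix lives in another patch of the series, the test belongs with that patch. The third comment line in `oss_fuzz_24131` also lacks the quotes used on the other quoted sanitizer messages.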
-- 
2.20.1
