Overview

File 0018-Reject-corrupt-svgs-with-invalid-size.patch of Package libqt5-qtsvg.21342

From 2809f80239d512e4591f3f2ee448a9d81806362c Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Wed, 14 Oct 2020 09:29:19 +0200
Subject: [PATCH 18/21] Reject corrupt svgs with invalid size

Fixes oss-fuzz-24735.

Change-Id: I626905562d37b1e53bd346b13bd88894401818ca
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit fcbbc73a97fefacace630e83a5c6ee48fa8eec43)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 0afee2870bc4fef180106e80a361da2ef1e3d442)
---
 src/svg/qsvgrenderer.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/svg/qsvgrenderer.cpp b/src/svg/qsvgrenderer.cpp
index d4ad373..635eb0a 100644
--- a/src/svg/qsvgrenderer.cpp
+++ b/src/svg/qsvgrenderer.cpp
@@ -314,6 +314,10 @@ static bool loadDocument(QSvgRenderer *const q,
 {
     delete d->render;
     d->render = QSvgTinyDocument::load(in);
+    if (d->render && !d->render->size().isValid()) {
+        delete d->render;
+        d->render = nullptr;
+    }
     if (d->render && d->render->animated() && d->fps > 0) {
         if (!d->timer)
             d->timer = new QTimer(q);
-- 
2.20.1
openSUSE Build Service is sponsored by
Places