Cosmetic stroker: avoid overflows for non-finite coordinates

int overflows are usually avoided by clipping the qreal coordinates to the device rect. However the clip function did not handle inf or nan coordinates, so such values would be passed on. Fix by treating any line with such coordinates a fully clipped away, i.e. rejecting it, since it cannot be meaningfully stroked anyway. Fixes oss-fuzz issue 25330. Change-Id: I4646172fc7a7e0a3a5f5cf03ce10ff0fb56b0d03 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> Reviewed-by: Robert Loehning <robert.loehning@qt.io> (cherry picked from commit cfad8a352ae151dd413af1bdea08e25d56309963) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2020-12-01 10:03:19 +0100
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2020-12-01 22:15:51 +0000
commit: a34a3526828f592d16755a3b6da02ff8fbf5c32d (patch)
tree: 38c02a0510c6a6c62633bd21a0a18fb93af8709a
parent: 0943ad02419f6215915e4a7c98949d1fd9b08c45 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gui/painting/qcosmeticstroker.cpp b/src/gui/painting/qcosmeticstroker.cpp
index 291e5d3acf..4f0911a9a4 100644
--- a/src/gui/painting/qcosmeticstroker.cpp
+++ b/src/gui/painting/qcosmeticstroker.cpp
@@ -311,6 +311,8 @@ void QCosmeticStroker::setup()
 // returns true if the whole line gets clipped away
 bool QCosmeticStroker::clipLine(qreal &x1, qreal &y1, qreal &x2, qreal &y2)
 {
+    if (!qIsFinite(x1) || !qIsFinite(y1) || !qIsFinite(x2) || !qIsFinite(y2))
+        return true;
     // basic/rough clipping is done in floating point coordinates to avoid
     // integer overflow problems.
     if (x1 < xmin) {
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2020-12-01 10:03:19 +0100
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2020-12-01 22:15:51 +0000
commit	a34a3526828f592d16755a3b6da02ff8fbf5c32d (patch)
tree	38c02a0510c6a6c62633bd21a0a18fb93af8709a
parent	0943ad02419f6215915e4a7c98949d1fd9b08c45 (diff)