diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-06-08 16:49:53 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-06-21 11:14:06 +0000 |
commit | cbb3572fa65a8bd0310cf1be9940057c9aafbf7e (patch) | |
tree | bd585561d261410f2405edba327d5c1a0d463bc9 | |
parent | 7be133d0f5b85ad87313bdb48e50aa1fdc76efd1 (diff) |
Avoid overflow in text layout
Fixes oss-fuzz issue 34597.
Fixes: QTBUG-94197
Change-Id: Icabcd5a87b809b6a5ae0f1a696ec3b5dd906886b
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
(cherry picked from commit e473d96e65e7cf3190c6c16acace6359964d0bee)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/gui/text/qtextlayout.cpp | 3 | ||||
-rw-r--r-- | tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp | 14 |
2 files changed, 16 insertions, 1 deletions
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp index 48f26f8665..1ce35c2ff2 100644 --- a/src/gui/text/qtextlayout.cpp +++ b/src/gui/text/qtextlayout.cpp @@ -1937,7 +1937,8 @@ void QTextLine::layout_helper(int maxGlyphs) if (lbh.currentPosition >= eng->layoutData->string.length() || isBreakableSpace - || attributes[lbh.currentPosition].lineBreak) { + || attributes[lbh.currentPosition].lineBreak + || lbh.tmpData.textWidth >= QFIXED_MAX) { sb_or_ws = true; break; } else if (attributes[lbh.currentPosition].graphemeBoundary) { diff --git a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp index 099ccab51c..4b8ba98d04 100644 --- a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp +++ b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp @@ -1910,6 +1910,20 @@ void tst_QTextLayout::longText() QFontMetricsF fm(layout.font()); QVERIFY(layout.maximumWidth() - fm.horizontalAdvance(' ') <= QFIXED_MAX); } + + { + QTextLayout layout(QString("AAAAAAAA").repeated(200000)); + layout.setCacheEnabled(true); + layout.beginLayout(); + forever { + QTextLine line = layout.createLine(); + if (!line.isValid()) + break; + } + layout.endLayout(); + QFontMetricsF fm(layout.font()); + QVERIFY(layout.maximumWidth() - fm.horizontalAdvance('A') <= QFIXED_MAX); + } } void tst_QTextLayout::widthOfTabs() |