summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEirik Aavitsland <eirik.aavitsland@qt.io>2021-06-08 16:49:53 +0200
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2021-06-17 09:58:37 +0000
commit4dcedb8ca4ae0c9c533997074098297abbfcf1c3 (patch)
treec0f4e343bcc70edf38d71eb768030524fee882ad
parente41c100460126d8cb044f11db73b52d6b80f9309 (diff)
Avoid overflow in text layoutv6.1.2
Fixes oss-fuzz issue 34597. Fixes: QTBUG-94197 Change-Id: Icabcd5a87b809b6a5ae0f1a696ec3b5dd906886b Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> (cherry picked from commit e473d96e65e7cf3190c6c16acace6359964d0bee) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r--src/gui/text/qtextlayout.cpp3
-rw-r--r--tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp14
2 files changed, 16 insertions, 1 deletions
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index c1a27b2556..b633851626 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -1950,7 +1950,8 @@ void QTextLine::layout_helper(int maxGlyphs)
if (lbh.currentPosition >= eng->layoutData->string.length()
|| isBreakableSpace
- || attributes[lbh.currentPosition].lineBreak) {
+ || attributes[lbh.currentPosition].lineBreak
+ || lbh.tmpData.textWidth >= QFIXED_MAX) {
sb_or_ws = true;
break;
} else if (attributes[lbh.currentPosition].graphemeBoundary) {
diff --git a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
index 099ccab51c..4b8ba98d04 100644
--- a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
+++ b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
@@ -1910,6 +1910,20 @@ void tst_QTextLayout::longText()
QFontMetricsF fm(layout.font());
QVERIFY(layout.maximumWidth() - fm.horizontalAdvance(' ') <= QFIXED_MAX);
}
+
+ {
+ QTextLayout layout(QString("AAAAAAAA").repeated(200000));
+ layout.setCacheEnabled(true);
+ layout.beginLayout();
+ forever {
+ QTextLine line = layout.createLine();
+ if (!line.isValid())
+ break;
+ }
+ layout.endLayout();
+ QFontMetricsF fm(layout.font());
+ QVERIFY(layout.maximumWidth() - fm.horizontalAdvance('A') <= QFIXED_MAX);
+ }
}
void tst_QTextLayout::widthOfTabs()