summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobert Loehning <robert.loehning@qt.io>2020-08-27 16:18:58 +0200
committerRobert Loehning <robert.loehning@qt.io>2020-09-22 08:23:05 +0000
commit762414400535910d2a5b2e8024cae0c7fbec403f (patch)
tree603a27bf37d52a8206fcc2dc2cba543fef0b6967
parent69eade9854a049e64904e00faf34fe8931510f02 (diff)
QTextHtmlParserNode: Avoid extreme values for font's pixelsize
They currently cause an integer-overflow in variantHash(). Fixes: oss-fuzz-24702 Change-Id: Ibee4413ca766c8ade9aeff2f2052b82cb9f7d213 Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> (cherry picked from commit 0bd770fb875d5391dd78df95542c25bd15051938) Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Diffstat
-rw-r--r--src/gui/text/qtexthtmlparser.cpp2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gui/text/qtexthtmlparser.cpp b/src/gui/text/qtexthtmlparser.cpp
index 5169c0325a..1167a0a7d5 100644
--- a/src/gui/text/qtexthtmlparser.cpp
+++ b/src/gui/text/qtexthtmlparser.cpp
@@ -1340,6 +1340,8 @@ void QTextHtmlParserNode::applyCssDeclarations(const QVector<QCss::Declaration>
QFont f;
int adjustment = -255;
extractor.extractFont(&f, &adjustment);
+ if (f.pixelSize() > INT32_MAX / 2)
+ f.setPixelSize(INT32_MAX / 2); // avoid even more extreme values
charFormat.setFont(f, QTextCharFormat::FontPropertiesSpecifiedOnly);
if (adjustment >= -1)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 09:35:42 +0000