diff options
author | Robert Loehning <robert.loehning@qt.io> | 2020-07-08 19:32:48 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2020-07-31 13:08:24 +0000 |
commit | df65a30d5c13174600ce8bdd9347bca37cf1e77b (patch) | |
tree | b442988def8d2532bf4d23d3cad717bb58891eb7 | |
parent | 5b2f75388424995925a0e45654a0d509b290aaa0 (diff) |
Check returns of hex2int in get_hex_rgb
Avoids undefined behavior when trying to shift negative values.
Fixes: oss-fuzz-21860
Fixes: oss-fuzz-23968
Change-Id: I879c97624e3f8ba9cf01e0a3a682379cd8c4a199
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 3094bcc3c5a30635289f534884965d39ac35a11a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/gui/painting/qcolor.cpp | 2 | ||||
-rw-r--r-- | tests/auto/gui/painting/qcolor/tst_qcolor.cpp | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/src/gui/painting/qcolor.cpp b/src/gui/painting/qcolor.cpp index e5bac84df9..858eba4621 100644 --- a/src/gui/painting/qcolor.cpp +++ b/src/gui/painting/qcolor.cpp @@ -88,6 +88,8 @@ static bool get_hex_rgb(const char *name, size_t len, QRgba64 *rgb) r = hex2int(name + 0, 3); g = hex2int(name + 3, 3); b = hex2int(name + 6, 3); + if (r == -1 || g == -1 || b == -1) + return false; r = (r << 4) | (r >> 8); g = (g << 4) | (g >> 8); b = (b << 4) | (b >> 8); diff --git a/tests/auto/gui/painting/qcolor/tst_qcolor.cpp b/tests/auto/gui/painting/qcolor/tst_qcolor.cpp index 17289e0b85..f5bfa683d6 100644 --- a/tests/auto/gui/painting/qcolor/tst_qcolor.cpp +++ b/tests/auto/gui/painting/qcolor/tst_qcolor.cpp @@ -324,6 +324,9 @@ void tst_QColor::namehex_data() QTest::newRow("transparent red") << "#66ff0000" << QColor(255, 0, 0, 102); QTest::newRow("invalid red") << "#gg0000" << QColor(); QTest::newRow("invalid transparent") << "#gg00ff00" << QColor(); + // when configured with "-sanitize undefined", this resulted in: + // "runtime error: left shift of negative value -1" + QTest::newRow("oss-fuzz 23968") << "#ÿÿÿÿÿÿÿÿÿ" << QColor(); } void tst_QColor::namehex() |