diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-06-08 16:49:53 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-06-17 09:58:37 +0000 |
commit | 4dcedb8ca4ae0c9c533997074098297abbfcf1c3 (patch) | |
tree | c0f4e343bcc70edf38d71eb768030524fee882ad | |
parent | e41c100460126d8cb044f11db73b52d6b80f9309 (diff) |
Avoid overflow in text layoutv6.1.2
Fixes oss-fuzz issue 34597.
Fixes: QTBUG-94197
Change-Id: Icabcd5a87b809b6a5ae0f1a696ec3b5dd906886b
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
(cherry picked from commit e473d96e65e7cf3190c6c16acace6359964d0bee)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/gui/text/qtextlayout.cpp | 3 | ||||
-rw-r--r-- | tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp | 14 |
2 files changed, 16 insertions, 1 deletions
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp index c1a27b2556..b633851626 100644 --- a/src/gui/text/qtextlayout.cpp +++ b/src/gui/text/qtextlayout.cpp @@ -1950,7 +1950,8 @@ void QTextLine::layout_helper(int maxGlyphs) if (lbh.currentPosition >= eng->layoutData->string.length() || isBreakableSpace - || attributes[lbh.currentPosition].lineBreak) { + || attributes[lbh.currentPosition].lineBreak + || lbh.tmpData.textWidth >= QFIXED_MAX) { sb_or_ws = true; break; } else if (attributes[lbh.currentPosition].graphemeBoundary) { diff --git a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp index 099ccab51c..4b8ba98d04 100644 --- a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp +++ b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp @@ -1910,6 +1910,20 @@ void tst_QTextLayout::longText() QFontMetricsF fm(layout.font()); QVERIFY(layout.maximumWidth() - fm.horizontalAdvance(' ') <= QFIXED_MAX); } + + { + QTextLayout layout(QString("AAAAAAAA").repeated(200000)); + layout.setCacheEnabled(true); + layout.beginLayout(); + forever { + QTextLine line = layout.createLine(); + if (!line.isValid()) + break; + } + layout.endLayout(); + QFontMetricsF fm(layout.font()); + QVERIFY(layout.maximumWidth() - fm.horizontalAdvance('A') <= QFIXED_MAX); + } } void tst_QTextLayout::widthOfTabs() |