diff options
author | Robert Loehning <robert.loehning@qt.io> | 2020-08-27 16:18:58 +0200 |
---|---|---|
committer | Robert Loehning <robert.loehning@qt.io> | 2020-09-22 08:23:05 +0000 |
commit | 762414400535910d2a5b2e8024cae0c7fbec403f (patch) | |
tree | 603a27bf37d52a8206fcc2dc2cba543fef0b6967 | |
parent | 69eade9854a049e64904e00faf34fe8931510f02 (diff) |
QTextHtmlParserNode: Avoid extreme values for font's pixelsize
They currently cause an integer-overflow in variantHash().
Fixes: oss-fuzz-24702
Change-Id: Ibee4413ca766c8ade9aeff2f2052b82cb9f7d213
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 0bd770fb875d5391dd78df95542c25bd15051938)
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
-rw-r--r-- | src/gui/text/qtexthtmlparser.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gui/text/qtexthtmlparser.cpp b/src/gui/text/qtexthtmlparser.cpp index 5169c0325a..1167a0a7d5 100644 --- a/src/gui/text/qtexthtmlparser.cpp +++ b/src/gui/text/qtexthtmlparser.cpp @@ -1340,6 +1340,8 @@ void QTextHtmlParserNode::applyCssDeclarations(const QVector<QCss::Declaration> QFont f; int adjustment = -255; extractor.extractFont(&f, &adjustment); + if (f.pixelSize() > INT32_MAX / 2) + f.setPixelSize(INT32_MAX / 2); // avoid even more extreme values charFormat.setFont(f, QTextCharFormat::FontPropertiesSpecifiedOnly); if (adjustment >= -1) |