diff options
author | Robert Loehning <robert.loehning@qt.io> | 2020-10-09 20:10:13 +0200 |
---|---|---|
committer | Robert Loehning <robert.loehning@qt.io> | 2020-10-12 10:14:52 +0200 |
commit | 1d778a59f781ecf822c9e3f7777b680fea2c4e62 (patch) | |
tree | 149746c91a4baf9280380b42d9666a51bc24d8f0 /src/gui/painting/qcosmeticstroker.cpp | |
parent | 316bf124437f4aaef10c29db5a158092ca7a832a (diff) |
Avoid heap-buffer-overflow
[ChangeLog][QCosmeticStroker] Avoid a heap-buffer-overflow found by oss-
fuzz as issue 25243.
Pick-to: 5.12 5.15
Change-Id: I36112f183241679e172ad1ee531e1b929d6f3815
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Diffstat (limited to 'src/gui/painting/qcosmeticstroker.cpp')
-rw-r--r-- | src/gui/painting/qcosmeticstroker.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gui/painting/qcosmeticstroker.cpp b/src/gui/painting/qcosmeticstroker.cpp index 001c44696a..74e4fcb96f 100644 --- a/src/gui/painting/qcosmeticstroker.cpp +++ b/src/gui/painting/qcosmeticstroker.cpp @@ -101,7 +101,7 @@ struct Dasher { offset += stroker->patternLength; dashIndex = 0; - while (offset>= pattern[dashIndex]) + while (dashIndex < stroker->patternSize - 1 && offset>= pattern[dashIndex]) ++dashIndex; // qDebug() << " dasher" << offset/64. << reverse << dashIndex; |