diff options
| author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2020-12-01 10:03:19 +0100 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2020-12-01 18:43:13 +0000 |
| commit | 2ef324521ffbad03445103109c9d094f77a462dc (patch) | |
| tree | a0712b91af4dde213f43835825d9cc26b3f22806 /src/gui/painting | |
| parent | 7c9cb19282cf48d81f316c0fb4650f0811deebc0 (diff) | |
Cosmetic stroker: avoid overflows for non-finite coordinates
int overflows are usually avoided by clipping the qreal coordinates to
the device rect. However the clip function did not handle inf or nan
coordinates, so such values would be passed on. Fix by treating any
line with such coordinates a fully clipped away, i.e. rejecting it,
since it cannot be meaningfully stroked anyway.
Fixes oss-fuzz issue 25330.
Change-Id: I4646172fc7a7e0a3a5f5cf03ce10ff0fb56b0d03
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
(cherry picked from commit cfad8a352ae151dd413af1bdea08e25d56309963)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/gui/painting')
| -rw-r--r-- | src/gui/painting/qcosmeticstroker.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gui/painting/qcosmeticstroker.cpp b/src/gui/painting/qcosmeticstroker.cpp index 433fadaa46..2b7ad91ec5 100644 --- a/src/gui/painting/qcosmeticstroker.cpp +++ b/src/gui/painting/qcosmeticstroker.cpp @@ -321,6 +321,8 @@ void QCosmeticStroker::setup() // returns true if the whole line gets clipped away bool QCosmeticStroker::clipLine(qreal &x1, qreal &y1, qreal &x2, qreal &y2) { + if (!qIsFinite(x1) || !qIsFinite(y1) || !qIsFinite(x2) || !qIsFinite(y2)) + return true; // basic/rough clipping is done in floating point coordinates to avoid // integer overflow problems. if (x1 < xmin) { |