QTextHtmlParserNode: Limit colspan to avoid segfault

This fixes oss-fuzz issue 29758.

[ChangeLog][QtGui][Text] QTextDocument::setHtml: column spans are
limited to 20480, an arbitrarily high but reasonable value.


Fixes: QTBUG-92463
Pick-to: 5.15 6.0 6.1
Change-Id: Ib759e3e3ac0b0d0d483f8e8ce11002e079db3ace
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/src/gui/text/qtexthtmlparser.cpp b/src/gui/text/qtexthtmlparser.cpp
index ed1c6d97f6..a242d5e645 100644
--- a/src/gui/text/qtexthtmlparser.cpp
+++ b/src/gui/text/qtexthtmlparser.cpp
@@ -1670,7 +1670,7 @@ void QTextHtmlParser::applyAttributes(const QStringList &attributes)
                         node->tableCellRowSpan = qMax(1, node->tableCellRowSpan);
                 } else if (key == QLatin1String("colspan")) {
                     if (setIntAttribute(&node->tableCellColSpan, value))
-                        node->tableCellColSpan = qMax(1, node->tableCellColSpan);
+                        node->tableCellColSpan = qBound(1, node->tableCellColSpan, 20480);
                 }
                 break;
             case Html_table: