diff options
author | Volker Hilsheimer <volker.hilsheimer@qt.io> | 2021-07-21 10:15:09 +0200 |
---|---|---|
committer | Volker Hilsheimer <volker.hilsheimer@qt.io> | 2021-07-21 15:53:18 +0200 |
commit | 1ee9496679ea2bf4d043937b83aa72a1b5bb6977 (patch) | |
tree | 1efa55dc42af3a63ea5ce2fd8901cc6fddbaf05d /src/gui/text | |
parent | 6ebe3d0f0806069f906522dfe9b81baa3f3478de (diff) |
Prevent array-out-of-bounds access
Fixes static analyzer warning 12b19393e18b2394a398806f633c6eee, and
amends a1a6e3d21b1a4fb799dfd245fed6bb6564178894.
In the process, replace the "int& *= double" with correct integer
arithmetic that'll produce the intended result without going via
double.
Done-with: Edward Welbourne <edward.welbourne@qt.io>
Pick-to: 6.2
Task-number: QTBUG-8096
Change-Id: Ib2aa8ae46a1bfd4d121e61cf99141c0311502215
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/gui/text')
-rw-r--r-- | src/gui/text/qcssparser.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/gui/text/qcssparser.cpp b/src/gui/text/qcssparser.cpp index 62e14e92bb..574436d6f6 100644 --- a/src/gui/text/qcssparser.cpp +++ b/src/gui/text/qcssparser.cpp @@ -1601,13 +1601,17 @@ QSize Declaration::sizeValue() const int x[2] = { 0, 0 }; const int count = d->values.count(); for (int i = 0; i < count; ++i) { + if (i > 1) { + qWarning("QCssParser::sizeValue: Too many values provided"); + break; + } const auto &value = d->values.at(i); const QString valueString = value.variant.toString(); if (valueString.endsWith(u"pt", Qt::CaseInsensitive)) { intValueHelper(value, &x[i], "pt"); // according to https://www.w3.org/TR/css3-values/#absolute-lengths // 1pt = 1/72th of 1 inch, and 1px = 1/96th of 1 inch - x[i] *= 72.0/96.0; + x[i] = (x[i] * 72) / 96; } else { // by default we use 'px' intValueHelper(value, &x[i], "px"); |