author | Robert Löhning <robert.loehning@qt.io> | 2021-04-06 19:59:48 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-04-07 22:59:52 +0000 |
commit | 917509c91441a6da74e325a73b4637a5fabb4aa1 (patch) | |
tree | 0e92ecbb049f988c74452841978840a03fcef443 /src/gui | |
parent | 87ab4f66f262da746a54a8f63eadceb795b3340b (diff) |
QTextHtmlParserNode: Limit colspan to avoid segfault

This fixes oss-fuzz issue 29758.

[ChangeLog][QtGui][Text] QTextDocument::setHtml: column spans are
limited to 20480, an arbitrarily high but reasonable value.

Fixes: QTBUG-92463
Change-Id: Ib759e3e3ac0b0d0d483f8e8ce11002e079db3ace
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 7473317b52dbc15878d81291faa33f21c20d6ec6)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/gui')
-rw-r--r-- | src/gui/text/qtexthtmlparser.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gui/text/qtexthtmlparser.cpp b/src/gui/text/qtexthtmlparser.cpp index 996980b764..2772f8bdc3 100644 --- a/src/gui/text/qtexthtmlparser.cpp +++ b/src/gui/text/qtexthtmlparser.cpp @@ -1671,7 +1671,7 @@ void QTextHtmlParser::applyAttributes(const QStringList &attributes) node->tableCellRowSpan = qMax(1, node->tableCellRowSpan); } else if (key == QLatin1String("colspan")) { if (setIntAttribute(&node->tableCellColSpan, value)) - node->tableCellColSpan = qMax(1, node->tableCellColSpan); + node->tableCellColSpan = qBound(1, node->tableCellColSpan, 20480); } break; case Html_table: |
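Review bot: The rowspan branch in the context directly above the change still reads `node->tableCellRowSpan = qMax(1, node->tableCellRowSpan);`, so only colspan gets an upper bound. If the row span feeds the same kind of table sizing, clamp it with qBound in the same way, or state in the commit message why it needs no cap. The literal 20480 in `qBound(1, node->tableCellColSpan, 20480)` would also be easier to audit as a named constant with a comment on how the value was chosen, since the ChangeLog describes it as arbitrary and it is now a documented limit of QTextDocument::setHtml.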