diff options
| author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-01-26 17:29:08 +0100 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-02-11 06:18:32 +0000 |
| commit | 69e0205bcb29adf5cf0a1c978f1f11514356a3fc (patch) | |
| tree | 63b32f57cec724eb6776654389ab91c2d8e62523 /src/gui | |
| parent | 3fec6597a5d718f5aa2ba5976b9175635a191ca0 (diff) | |
Avoid overflow in text layout
Fixes oss-fuzz issue 29313.
Change-Id: Idbabd162fa9e0dbce687981bdbcc75be37189a61
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
(cherry picked from commit bfc09b8d8fa6c1a397aff458c644ed424754adf0)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/gui')
| -rw-r--r-- | src/gui/text/qtextlayout.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp index d303219bb9..b2b87fb92e 100644 --- a/src/gui/text/qtextlayout.cpp +++ b/src/gui/text/qtextlayout.cpp @@ -820,6 +820,10 @@ QTextLine QTextLayout::createLine() int l = d->lines.size(); if (l && d->lines.at(l-1).length < 0) { QTextLine(l-1, d).setNumColumns(INT_MAX); + if (d->maxWidth > QFIXED_MAX / 2) { + qWarning("QTextLayout: text too long, truncated."); + return QTextLine(); + } } int from = l > 0 ? d->lines.at(l-1).from + d->lines.at(l-1).length + d->lines.at(l-1).trailingSpaces : 0; int strlen = d->layoutData->string.length(); |