diff options
author | Robert Löhning <robert.loehning@qt.io> | 2021-02-26 22:37:32 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-03-11 21:14:21 +0000 |
commit | cc6f0a6c35aea011b3057fce869cb3fbecbf7048 (patch) | |
tree | 187d58979b8a1f573bd136ac6464725eb290695e /src | |
parent | ba0a105c617ad40f2a3eb2bb2ac2993ed6b11133 (diff) |
Limit value in setFontSizeFromValue()
Avoids overflows in QFreetypeFace::computeSize and
QFontEngineBox::boundingBox
Fixes oss-fuzz issue 30290
Change-Id: If8e9ff74bf706a701e26832ad21b3439a3b437f7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 976fede67ca4a4d322bc8d2c00266a2e2f1a6e3d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/gui/text/qcssparser.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/gui/text/qcssparser.cpp b/src/gui/text/qcssparser.cpp index 05a5ec4420..46ed67ea7d 100644 --- a/src/gui/text/qcssparser.cpp +++ b/src/gui/text/qcssparser.cpp @@ -1143,14 +1143,14 @@ static bool setFontSizeFromValue(QCss::Value value, QFont *font, int *fontSizeAd s.chop(2); value.variant = s; if (value.variant.convert(QMetaType::fromType<qreal>())) { - font->setPointSizeF(value.variant.toReal()); + font->setPointSizeF(qBound(qreal(0), value.variant.toReal(), qreal(1 << 24) - 1)); valid = true; } } else if (s.endsWith(QLatin1String("px"), Qt::CaseInsensitive)) { s.chop(2); value.variant = s; if (value.variant.convert(QMetaType::fromType<int>())) { - font->setPixelSize(value.variant.toInt()); + font->setPixelSize(qBound(0, value.variant.toInt(), (1 << 24) - 1)); valid = true; } } |