From 4dcedb8ca4ae0c9c533997074098297abbfcf1c3 Mon Sep 17 00:00:00 2001 From: Eirik Aavitsland Date: Tue, 8 Jun 2021 16:49:53 +0200 Subject: Avoid overflow in text layout Fixes oss-fuzz issue 34597. Fixes: QTBUG-94197 Change-Id: Icabcd5a87b809b6a5ae0f1a696ec3b5dd906886b Reviewed-by: Eirik Aavitsland Reviewed-by: Eskil Abrahamsen Blomfeldt (cherry picked from commit e473d96e65e7cf3190c6c16acace6359964d0bee) Reviewed-by: Qt Cherry-pick Bot --- src/gui/text/qtextlayout.cpp | 3 ++- tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp index c1a27b2556..b633851626 100644 --- a/src/gui/text/qtextlayout.cpp +++ b/src/gui/text/qtextlayout.cpp @@ -1950,7 +1950,8 @@ void QTextLine::layout_helper(int maxGlyphs) if (lbh.currentPosition >= eng->layoutData->string.length() || isBreakableSpace - || attributes[lbh.currentPosition].lineBreak) { + || attributes[lbh.currentPosition].lineBreak + || lbh.tmpData.textWidth >= QFIXED_MAX) { sb_or_ws = true; break; } else if (attributes[lbh.currentPosition].graphemeBoundary) { diff --git a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp index 099ccab51c..4b8ba98d04 100644 --- a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp +++ b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp @@ -1910,6 +1910,20 @@ void tst_QTextLayout::longText() QFontMetricsF fm(layout.font()); QVERIFY(layout.maximumWidth() - fm.horizontalAdvance(' ') <= QFIXED_MAX); } + + { + QTextLayout layout(QString("AAAAAAAA").repeated(200000)); + layout.setCacheEnabled(true); + layout.beginLayout(); + forever { + QTextLine line = layout.createLine(); + if (!line.isValid()) + break; + } + layout.endLayout(); + QFontMetricsF fm(layout.font()); + QVERIFY(layout.maximumWidth() - fm.horizontalAdvance('A') <= QFIXED_MAX); + } } void tst_QTextLayout::widthOfTabs() -- cgit v1.2.3