From 762414400535910d2a5b2e8024cae0c7fbec403f Mon Sep 17 00:00:00 2001
From: Robert Loehning
Date: Thu, 27 Aug 2020 16:18:58 +0200
Subject: QTextHtmlParserNode: Avoid extreme values for font's pixelsize

They currently cause an integer-overflow in variantHash().

Fixes: oss-fuzz-24702
Change-Id: Ibee4413ca766c8ade9aeff2f2052b82cb9f7d213
Reviewed-by: Volker Hilsheimer
Reviewed-by: Thiago Macieira
(cherry picked from commit 0bd770fb875d5391dd78df95542c25bd15051938)
Reviewed-by: Friedemann Kleint
---
 src/gui/text/qtexthtmlparser.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/gui/text/qtexthtmlparser.cpp b/src/gui/text/qtexthtmlparser.cpp
index 5169c0325a..1167a0a7d5 100644
--- a/src/gui/text/qtexthtmlparser.cpp
+++ b/src/gui/text/qtexthtmlparser.cpp
@@ -1340,6 +1340,8 @@ void QTextHtmlParserNode::applyCssDeclarations(const QVector
 QFont f;
 int adjustment = -255;
 extractor.extractFont(&f, &adjustment);
+ if (f.pixelSize() > INT32_MAX / 2)
+ f.setPixelSize(INT32_MAX / 2); // avoid even more extreme values
 charFormat.setFont(f, QTextCharFormat::FontPropertiesSpecifiedOnly);
 if (adjustment >= -1)
--
cgit v1.2.3
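Review bot: The clamp added after `extractor.extractFont(&f, &adjustment)` bounds the pixel size at this one call site only, while the signed overflow named in the commit message is in variantHash(), which this patch does not touch; any other path that puts a very large pixel size into a QTextCharFormat would presumably still reach it, so a guard or wider arithmetic at the hashing site deserves a follow-up. Sizes given in points are not covered either, because only `f.pixelSize()` is tested and a font sized in points does not report a pixel size; whether those values can overflow the same way is not visible from this hunk. The bound is also a magic expression written twice, with a comment that does not say what it protects. I would name it once, `const int maxPixelSize = INT32_MAX / 2; // keep variantHash() from overflowing on CSS-supplied font sizes`, and use it in both the comparison and the `setPixelSize()` call. The body of applyCssDeclarations starts and ends outside the hunk.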