From 1d778a59f781ecf822c9e3f7777b680fea2c4e62 Mon Sep 17 00:00:00 2001
From: Robert Loehning <robert.loehning@qt.io>
Date: Fri, 9 Oct 2020 20:10:13 +0200
Subject: Avoid heap-buffer-overflow

[ChangeLog][QCosmeticStroker] Avoid a heap-buffer-overflow found by oss-
fuzz as issue 25243.

Pick-to: 5.12 5.15
Change-Id: I36112f183241679e172ad1ee531e1b929d6f3815
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
---
 src/gui/painting/qcosmeticstroker.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/gui/painting/qcosmeticstroker.cpp b/src/gui/painting/qcosmeticstroker.cpp
index 001c44696a..74e4fcb96f 100644
--- a/src/gui/painting/qcosmeticstroker.cpp
+++ b/src/gui/painting/qcosmeticstroker.cpp
@@ -101,7 +101,7 @@ struct Dasher {
             offset += stroker->patternLength;
 
         dashIndex = 0;
-        while (offset>= pattern[dashIndex])
+        while (dashIndex < stroker->patternSize - 1 && offset>= pattern[dashIndex])
             ++dashIndex;
 
 //        qDebug() << "   dasher" << offset/64. << reverse << dashIndex;
-- 
cgit v1.2.3