diff options
| author | Matthias Rauter <matthias.rauter@qt.io> | 2023-12-27 13:28:19 +0100 |
|---|---|---|
| committer | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2024-02-20 10:35:01 +0100 |
| commit | eb1ff0e19e846b5b220ca8e4128816b0d032fcf5 (patch) | |
| tree | 10fa0042c10443942063c764e6e0a1a1294c0f97 | |
| parent | 4bf395c10f69a64ea998bbd7b95cf1e03a560bc2 (diff) | |
Fix a crash when SVG files are loaded recursively
This bug was triggered by a test in the resvg:
structure/image/recursive-2.svg
The issue is solved by not loading SVG files in the image element.
This is in line with SVG 1.2 Tiny: "SVG Tiny 1.2 does not allow an
SVG document to be referenced by the 'image' element", see:
https://www.w3.org/TR/SVGTiny12/struct.html#ImageElement
The old behavior can be reproduced by enabling trusted source mode,
currently only by available by setting the environment variable
QT_SVG_ASSUME_TRUSTED_SOURCE. In that case, there is no protection
against recursively loaded SVG files.
Pick-to: 6.7 6.6 6.5
Change-Id: I08a4842cd36d183448b1ad1c19fbfca6339a3dd6
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
| -rw-r--r-- | src/svg/qsvghandler.cpp | 5 | ||||
| -rw-r--r-- | tests/auto/qsvgplugin/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | tests/auto/qsvgplugin/checkers.png | bin | 0 -> 115 bytes | |||
| -rw-r--r-- | tests/auto/qsvgplugin/imageInclude.svg | 6 |
4 files changed, 8 insertions, 4 deletions
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index a0d804e..99c6a4f 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -28,6 +28,7 @@ #include "qtransform.h" #include "qvarlengtharray.h" #include "private/qmath_p.h" +#include "qimagereader.h" #include "float.h" #include <cmath> @@ -2873,7 +2874,9 @@ static QSvgNode *createImageNode(QSvgNode *parent, filename = info.absoluteDir().absoluteFilePath(filename); } } - image = QImage(filename); + + if (handler->trustedSourceMode() || !QImageReader::imageFormat(filename).startsWith("svg")) + image = QImage(filename); } if (image.isNull()) { diff --git a/tests/auto/qsvgplugin/CMakeLists.txt b/tests/auto/qsvgplugin/CMakeLists.txt index ba3cdc4..ffeef84 100644 --- a/tests/auto/qsvgplugin/CMakeLists.txt +++ b/tests/auto/qsvgplugin/CMakeLists.txt @@ -25,6 +25,7 @@ qt_internal_add_test(tst_qsvgplugin set(resources_resource_files "imageInclude.svg" "imageIncludeA.svg" + "checkers.png" "square.svg" "square_size.svg" "square_size_viewbox.svg" diff --git a/tests/auto/qsvgplugin/checkers.png b/tests/auto/qsvgplugin/checkers.png Binary files differnew file mode 100644 index 0000000..191ab3a --- /dev/null +++ b/tests/auto/qsvgplugin/checkers.png diff --git a/tests/auto/qsvgplugin/imageInclude.svg b/tests/auto/qsvgplugin/imageInclude.svg index c78d3fa..4baf775 100644 --- a/tests/auto/qsvgplugin/imageInclude.svg +++ b/tests/auto/qsvgplugin/imageInclude.svg @@ -3,9 +3,9 @@ <svg version="1.0" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100"> <circle cx="50" cy="50" r="25" fill="#00ff00" /> - <image x="0" y="0" width="100" height="100" xlink:href="imageIncludeA.svg" /> - <image x="0" y="0" width="100" height="100" xlink:href="./imageIncludeA.svg" /> - <image x="0" y="0" width="100" height="100" xlink:href=":/imageIncludeA.svg" /> + <image x="0" y="0" width="100" height="100" xlink:href="checkers.png" /> + <image x="0" y="0" width="100" height="100" xlink:href="./checkers.png" /> + <image x="0" y="0" width="100" height="100" xlink:href=":/checkers.png" /> <image x="0" y="0" width="100" height="100" xlink:href="notExisting.svg" /> <image x="0" y="0" width="100" height="100" xlink:href="./notExisting.svg" /> |
