Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
libqt5-qtsvg
0004-Fix-stack-overflow-in-QSvgHandler-resolveG...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0004-Fix-stack-overflow-in-QSvgHandler-resolveGradients.patch of Package libqt5-qtsvg
From e0d6cdc9858db3107127370155de863e605b4a2f Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen <allan.jensen@qt.io> Date: Tue, 23 Jun 2020 10:27:37 +0200 Subject: [PATCH 04/21] Fix stack overflow in QSvgHandler::resolveGradients Add a maximum to how deep it will nest. Fixes oss-fuzz 23643 Change-Id: I6183c04f65a539a6c7df42bc7346a86ee58aca6c Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit 6b86b5de893e9885f8288af5a096444b30fa2628) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 2603105f7c9f99a04096ecba47b33b9cae80d795) --- src/svg/qsvghandler.cpp | 10 ++++++---- src/svg/qsvghandler_p.h | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index 885ae9e..2029a72 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -3857,16 +3857,17 @@ bool QSvgHandler::endElement(const QStringRef &localName) return true; } -void QSvgHandler::resolveGradients(QSvgNode *node) +void QSvgHandler::resolveGradients(QSvgNode *node, int nestedDepth) { if (!node || (node->type() != QSvgNode::DOC && node->type() != QSvgNode::G && node->type() != QSvgNode::DEFS && node->type() != QSvgNode::SWITCH)) { return; } + QSvgStructureNode *structureNode = static_cast<QSvgStructureNode *>(node); - QList<QSvgNode *> ren = structureNode->renderers(); - for (QList<QSvgNode *>::iterator it = ren.begin(); it != ren.end(); ++it) { + const QList<QSvgNode *> ren = structureNode->renderers(); + for (auto it = ren.begin(); it != ren.end(); ++it) { QSvgFillStyle *fill = static_cast<QSvgFillStyle *>((*it)->styleProperty(QSvgStyleProperty::FILL)); if (fill && !fill->isGradientResolved()) { QString id = fill->gradientId(); @@ -3891,7 +3892,8 @@ void QSvgHandler::resolveGradients(QSvgNode *node) } } - resolveGradients(*it); + if (nestedDepth < 2048) + resolveGradients(*it, nestedDepth + 1); } } diff --git a/src/svg/qsvghandler_p.h b/src/svg/qsvghandler_p.h index 8eb061b..1b16950 100644 --- a/src/svg/qsvghandler_p.h +++ b/src/svg/qsvghandler_p.h @@ -178,7 +178,7 @@ private: QCss::Parser m_cssParser; #endif void parse(); - void resolveGradients(QSvgNode *node); + void resolveGradients(QSvgNode *node, int nestedDepth = 0); void resolveNodes(); QPen m_defaultPen; -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor