Tree - rpms/qt5-qtsvg - CentOS Git server

rpms / qt5-qtsvg

Blame SOURCES/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch

Blob History Raw

		7357da	`diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp`
		2e2b4f	`index b3d9aaf..402a71f 100644`
		7357da	`--- a/src/svg/qsvghandler.cpp`
		7357da	`+++ b/src/svg/qsvghandler.cpp`
		2e2b4f	`@@ -1614,6 +1614,7 @@ static void pathArc(QPainterPath &path,`
		7357da
		7357da	`static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`{`
		7357da	`+ const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this`
		7357da	`qreal x0 = 0, y0 = 0; // starting point`
		7357da	`qreal x = 0, y = 0; // current point`
		7357da	`char lastMode = 0;`
		2e2b4f	`@@ -1621,7 +1622,8 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`const QChar *str = dataStr.constData();`
		7357da	`const QChar *end = str + dataStr.size();`
		7357da
		7357da	`- while (str != end) {`
		7357da	`+ bool ok = true;`
		7357da	`+ while (ok && str != end) {`
		7357da	`while (str->isSpace() && (str + 1) != end)`
		7357da	`++str;`
		7357da	`QChar pathElem = *str;`
		2e2b4f	`@@ -1635,14 +1637,13 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`arg.append(0);//dummy`
		7357da	`const qreal *num = arg.constData();`
		7357da	`int count = arg.count();`
		7357da	`- while (count > 0) {`
		7357da	`+ while (ok && count > 0) {`
		7357da	`qreal offsetX = x; // correction offsets`
		7357da	`qreal offsetY = y; // for relative commands`
		7357da	`switch (pathElem.unicode()) {`
		7357da	`case 'm': {`
		7357da	`if (count < 2) {`
		7357da	`- num++;`
		7357da	`- count--;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`x = x0 = num[0] + offsetX;`
		2e2b4f	`@@ -1659,8 +1660,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`break;`
		7357da	`case 'M': {`
		7357da	`if (count < 2) {`
		7357da	`- num++;`
		7357da	`- count--;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`x = x0 = num[0];`
		2e2b4f	`@@ -1686,8 +1686,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`break;`
		7357da	`case 'l': {`
		7357da	`if (count < 2) {`
		7357da	`- num++;`
		7357da	`- count--;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`x = num[0] + offsetX;`
		2e2b4f	`@@ -1700,8 +1699,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`break;`
		7357da	`case 'L': {`
		7357da	`if (count < 2) {`
		7357da	`- num++;`
		7357da	`- count--;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`x = num[0];`
		2e2b4f	`@@ -1741,8 +1739,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`break;`
		7357da	`case 'c': {`
		7357da	`if (count < 6) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF c1(num[0] + offsetX, num[1] + offsetY);`
		2e2b4f	`@@ -1758,8 +1755,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 'C': {`
		7357da	`if (count < 6) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF c1(num[0], num[1]);`
		2e2b4f	`@@ -1775,8 +1771,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 's': {`
		7357da	`if (count < 4) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF c1;`
		2e2b4f	`@@ -1797,8 +1792,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 'S': {`
		7357da	`if (count < 4) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF c1;`
		2e2b4f	`@@ -1819,8 +1813,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 'q': {`
		7357da	`if (count < 4) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF c(num[0] + offsetX, num[1] + offsetY);`
		2e2b4f	`@@ -1835,8 +1828,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 'Q': {`
		7357da	`if (count < 4) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF c(num[0], num[1]);`
		2e2b4f	`@@ -1851,8 +1843,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 't': {`
		7357da	`if (count < 2) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF e(num[0] + offsetX, num[1] + offsetY);`
		2e2b4f	`@@ -1872,8 +1863,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 'T': {`
		7357da	`if (count < 2) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`QPointF e(num[0], num[1]);`
		2e2b4f	`@@ -1893,8 +1883,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`case 'a': {`
		7357da	`if (count < 7) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`qreal rx = (*num++);`
		2e2b4f	`@@ -1916,8 +1905,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`break;`
		7357da	`case 'A': {`
		7357da	`if (count < 7) {`
		7357da	`- num += count;`
		7357da	`- count = 0;`
		7357da	`+ ok = false;`
		7357da	`break;`
		7357da	`}`
		7357da	`qreal rx = (*num++);`
		2e2b4f	`@@ -1938,12 +1926,15 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)`
		7357da	`}`
		7357da	`break;`
		7357da	`default:`
		7357da	`- return false;`
		7357da	`+ ok = false;`
		7357da	`+ break;`
		7357da	`}`
		7357da	`lastMode = pathElem.toLatin1();`
		7357da	`+ if (path.elementCount() > maxElementCount)`
		7357da	`+ ok = false;`
		7357da	`}`
		7357da	`}`
		7357da	`- return true;`
		7357da	`+ return ok;`
		7357da	`}`
		7357da
		7357da	`static bool parseStyle(QSvgNode *node,`
		2e2b4f	`@@ -2979,8 +2970,8 @@ static QSvgNode createPathNode(QSvgNode parent,`
		7357da
		7357da	`QPainterPath qpath;`
		7357da	`qpath.setFillRule(Qt::WindingFill);`
		7357da	`- //XXX do error handling`
		7357da	`- parsePathDataFast(data, qpath);`
		7357da	`+ if (!parsePathDataFast(data, qpath))`
		7357da	`+ qCWarning(lcSvgHandler, "Invalid path data; path truncated.");`
		7357da
		7357da	`QSvgNode *path = new QSvgPath(parent, qpath);`
		7357da	`return path;`

rpms / qt5-qtsvg

Source Code

Blame SOURCES/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch