Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: P2: Important
Fix Version/s: None
Affects Version/s: 6.1.0, 6.3.0
Component/s: SVG Support
Labels:
- found_by_oss-fuzz
Environment:
Ubuntu 20.04 LTS
clang 10.0.0

Description

Configure Qt with "-sanitize fuzzer-no-link -sanitize undefined" and build it.
Having submodules qtbase and qtsvg is sufficient.
Use this to build the project qtbase/tests/libfuzzer/gui/image/qimage/loadfromdata.
qmake- and cmake-based version lead to the same result.

Run the resulting program passing the attached input file:

./loadfromdata 36218.svg

You'll get output containing lines like:

/home/qtrob/dev/src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qpaintengine_raster.cpp:538:40: runtime error: -1,84467e+19 is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qpaintengine_raster.cpp:538:40 in 
qtbase/include/QtGui/6.2.0/QtGui/private/../../../../../../../../src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qfixed_p.h:90:58: runtime error: signed integer overflow: 2147169024 + 655424 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qtbase/include/QtGui/6.2.0/QtGui/private/../../../../../../../../src/qt-dev_07.13-base_svg/qtbase/src/gui/painting/qfixed_p.h:90:58 in

Found by oss-fuzz as issue 36218. Google will publish the details in 89 days.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

36218.svg
16 Jul '21 11:40
8 kB
Robert Löhning

Activity

People

Assignee:: Qt Graphics Team

Reporter:: Robert Löhning

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16 Jul '21 11:43

Updated:: 08 Mar '23 06:42