projects / qt4-x11.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e9ef381)
[PATCH] Clamp parsed doubles to float representable values
authorAllan Sandfeld Jensen <allan.jensen@qt.io>
Thu, 4 Mar 2021 13:28:48 +0000 (14:28 +0100)
committerRoberto C. Sánchez <roberto@debian.org>
Tue, 22 Aug 2023 13:42:24 +0000 (14:42 +0100)
Parts of our rendering assumes incoming doubles can still be sane
floats.

Fixes: QTBUG-91507
Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit bfd6ee0d8cf34b63d32adf10ed93daa0086b359f)

Gbp-Pq: Name CVE-2021-3481.patch

src/svg/qsvghandler.cpp patch | blob | history

diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 7378e9628289350b25951668655daaf28d5f90a3..a0c4a4fca39f5fe2b1f5ec98447feb8d132858ad 100644 (file)
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -2946,6 +2946,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node,
         ncy = toDouble(cy);
     if (!r.isEmpty())
         nr = toDouble(r);
+    if (nr < 0.5)
+        nr = 0.5;
 
     qreal nfx = ncx;
     if (!fx.isEmpty())
Unnamed repository; edit this file 'description' to name the repository.