From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Thu, 4 Mar 2021 13:28:48 +0000 (+0100)
Subject: [PATCH] Clamp parsed doubles to float representable values
X-Git-Tag: archive/raspbian/4%4.8.7+dfsg-18+rpi1+deb10u2^2~56
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1424972b3735a7836b6ab936cbb8383eca2f32f5;p=qt4-x11.git

[PATCH] Clamp parsed doubles to float representable values

Parts of our rendering assumes incoming doubles can still be sane
floats.

Fixes: QTBUG-91507
Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit bfd6ee0d8cf34b63d32adf10ed93daa0086b359f)

Gbp-Pq: Name CVE-2021-3481.patch
---

diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 7378e9628..a0c4a4fca 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -2946,6 +2946,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node,
         ncy = toDouble(cy);
     if (!r.isEmpty())
         nr = toDouble(r);
+    if (nr < 0.5)
+        nr = 0.5;
 
     qreal nfx = ncx;
     if (!fx.isEmpty())