From e4d401765e154ab85a06215654dd2101d5f00e3b Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Thu, 4 Mar 2021 14:28:48 +0100
Subject: [PATCH] [PATCH] Clamp parsed doubles to float representable values
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Parts of our rendering assumes incoming doubles can still be sane
floats.

Fixes: QTBUG-91507
Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit bfd6ee0d8cf34b63d32adf10ed93daa0086b359f)

Gbp-Pq: Name CVE-2021-3481.patch
---
 src/svg/qsvghandler.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 7378e9628..a0c4a4fca 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -2946,6 +2946,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node,
         ncy = toDouble(cy);
     if (!r.isEmpty())
         nr = toDouble(r);
+    if (nr < 0.5)
+        nr = 0.5;
 
     qreal nfx = ncx;
     if (!fx.isEmpty())
-- 
2.30.2