Qt.git - Qt s a cross-platform application framework that is used for developing application software that can be run on various software and hardware platforms with little or no change in the underlying codebase, while still being a native application with native capabilities and speed.

diff options

author	Ademar de Souza Reis Jr <ademar.reis@openbossa.org>	2011-01-21 14:19:00 (GMT)
committer	Samuel Rødal <samuel.rodal@nokia.com>	2011-05-03 14:36:23 (GMT)
commit	004653e63b2c20f32750c54a609572329903d8be (patch)
tree	7ebb04abd8025f4242299f4ef0a17bbd2a5fb9f7 /tests/auto/qfiledialog
parent	36e01e698beb8b5703f5d68f5b2eb9494e11a571 (diff)
download	Qt-004653e63b2c20f32750c54a609572329903d8be.zip Qt-004653e63b2c20f32750c54a609572329903d8be.tar.gz Qt-004653e63b2c20f32750c54a609572329903d8be.tar.bz2

QPainterPath: Ignore calls with NaN/Infinite parameters

QPainterPath can't handle NaNs/Inf inside coordinates, but instead of safely ignoring or aborting an operation, it shows a warning and keeps going on, with undefined behavior. Sometimes leading to infinite loops, leaks or crashes (see qtwebkit example below). This is particularly bad when QPainterPath is used to render content from untrusted sources (web or user data). As an example, there's a qtwebkit bug where the browser crashes when a particular SVG is loaded: https://bugs.webkit.org/show_bug.cgi?id=51698. Please note that "untrusted sources" doesn't apply only to network sources. This behavior can probably be exploited on applications such as file-browsers with previews enabled. Task-number: QTBUG-16664 Signed-off-by: Ademar de Souza Reis Jr <ademar.reis@openbossa.org> Merge-request: 1026 Reviewed-by: Marius Storm-Olsen <marius.storm-olsen@nokia.com> Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@nokia.com> Reviewed-by: Samuel

Diffstat (limited to 'tests/auto/qfiledialog')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: