Avoid overflow in text layout

Fixes oss-fuzz issue 34597. Fixes: QTBUG-94197 Change-Id: Icabcd5a87b809b6a5ae0f1a696ec3b5dd906886b Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> (cherry picked from commit e473d96e65e7cf3190c6c16acace6359964d0bee) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2021-06-08 16:49:53 +02:00 · 2021-06-08 16:49:53 +02:00 · 4dcedb8ca4
commit 4dcedb8ca4
parent e41c100460
2 changed files with 16 additions and 1 deletions
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@ -1950,7 +1950,8 @@ void QTextLine::layout_helper(int maxGlyphs)

                if (lbh.currentPosition >= eng->layoutData->string.length()
                    || isBreakableSpace
-                    || attributes[lbh.currentPosition].lineBreak) {
+                    || attributes[lbh.currentPosition].lineBreak
+                    || lbh.tmpData.textWidth >= QFIXED_MAX) {
                    sb_or_ws = true;
                    break;
                } else if (attributes[lbh.currentPosition].graphemeBoundary) {
--- a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
+++ b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
@ -1910,6 +1910,20 @@ void tst_QTextLayout::longText()
        QFontMetricsF fm(layout.font());
        QVERIFY(layout.maximumWidth() - fm.horizontalAdvance(' ') <= QFIXED_MAX);
    }
+
+    {
+        QTextLayout layout(QString("AAAAAAAA").repeated(200000));
+        layout.setCacheEnabled(true);
+        layout.beginLayout();
+        forever {
+            QTextLine line = layout.createLine();
+            if (!line.isValid())
+                break;
+        }
+        layout.endLayout();
+        QFontMetricsF fm(layout.font());
+        QVERIFY(layout.maximumWidth() - fm.horizontalAdvance('A') <= QFIXED_MAX);
+    }
 }

 void tst_QTextLayout::widthOfTabs()