1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Limit value in setFontSizeFromValue()

Browse Source 
Avoids overflows in QFreetypeFace::computeSize and
QFontEngineBox::boundingBox

Fixes oss-fuzz issue 30290

Change-Id: If8e9ff74bf706a701e26832ad21b3439a3b437f7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 976fede67ca4a4d322bc8d2c00266a2e2f1a6e3d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Robert Löhning 2021-02-26 22:37:32 +01:00 committed by Qt Cherry-pick Bot
parent ba0a105c61
commit cc6f0a6c35
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/gui/text/qcssparser.cpp
View File

@ -1143,14 +1143,14 @@ static bool setFontSizeFromValue(QCss::Value value, QFont *font, int *fontSizeAd
s.chop(2);
value.variant = s;
if (value.variant.convert(QMetaType::fromType<qreal>())) {
font->setPointSizeF(value.variant.toReal());
font->setPointSizeF(qBound(qreal(0), value.variant.toReal(), qreal(1 << 24) - 1));
valid = true;
}
} else if (s.endsWith(QLatin1String("px"), Qt::CaseInsensitive)) {
s.chop(2);
value.variant = s;
if (value.variant.convert(QMetaType::fromType<int>())) {
font->setPixelSize(value.variant.toInt());
font->setPixelSize(qBound(0, value.variant.toInt(), (1 << 24) - 1));
valid = true;
}
}