Check returns of hex2int in get_hex_rgb

Avoids undefined behavior when trying to shift negative values. Fixes: oss-fuzz-21860 Fixes: oss-fuzz-23968 Change-Id: I879c97624e3f8ba9cf01e0a3a682379cd8c4a199 Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit 3094bcc3c5a30635289f534884965d39ac35a11a) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2020-07-08 19:32:48 +02:00 · 2020-07-08 19:32:48 +02:00 · df65a30d5c
commit df65a30d5c
parent 5b2f753884
2 changed files with 5 additions and 0 deletions
--- a/src/gui/painting/qcolor.cpp
+++ b/src/gui/painting/qcolor.cpp
@ -88,6 +88,8 @@ static bool get_hex_rgb(const char *name, size_t len, QRgba64 *rgb)
        r = hex2int(name + 0, 3);
        g = hex2int(name + 3, 3);
        b = hex2int(name + 6, 3);
+        if (r == -1 || g == -1 || b == -1)
+            return false;
        r = (r << 4) | (r >> 8);
        g = (g << 4) | (g >> 8);
        b = (b << 4) | (b >> 8);
--- a/tests/auto/gui/painting/qcolor/tst_qcolor.cpp
+++ b/tests/auto/gui/painting/qcolor/tst_qcolor.cpp
@ -324,6 +324,9 @@ void tst_QColor::namehex_data()
    QTest::newRow("transparent red") << "#66ff0000" << QColor(255, 0, 0, 102);
    QTest::newRow("invalid red") << "#gg0000" << QColor();
    QTest::newRow("invalid transparent") << "#gg00ff00" << QColor();
+    // when configured with "-sanitize undefined", this resulted in:
+    // "runtime error: left shift of negative value -1"
+    QTest::newRow("oss-fuzz 23968") << "#ÿÿÿÿÿÿÿÿÿ" << QColor();
 }

 void tst_QColor::namehex()