Allan Sandfeld Jensen authored Mar 01, 2019 and Albert Astals Cid committed Jan 03, 2023

Pick-to: 6.4 6.2 5.15
Change-Id: I8e864ab4213d65866b0004f115f4e7c7bf7173d5
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 6acc5212)

* asturmlechner 2022-09-08: Resolve conflict with dev branch commit
    50457678

    vals is of type QList in dev branch instead of QVector.

Eskil Abrahamsen Blomfeldt authored Jul 06, 2022 and Albert Astals Cid committed Jan 03, 2023

With some broken input files, we can end up with a matrix
that scales or translates so far that it ends up with
NaNs or Infs. This causes undefined behavior later when
doing comparisons. We protect against this by checking
for matrix validity after transforming and resetting the
matrix if it becomes invalid.

Pick-to: 5.15 6.2 6.3 6.4
Fixes: QTBUG-101698
Change-Id: Iabc745c1e7a0c36449f14c4c6d9bc8066eaa8eac
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 1b5ab506)

Eirik Aavitsland authored Jan 05, 2022 and Albert Astals Cid committed Jan 03, 2023

A QSvghandler may be created either with an external QXmlStreamReader
object, or with a bytearray/iodevice, in which case it will create its
own stream reader. The check to end parisng at the </svg> tag was
active only in the first case. This could result in different behavior
when reading an svg image from file vs. reading it from a bytearray
or resource.

Fixes: QTBUG-99407
Pick-to: 6.3 6.2 5.15
Change-Id: I187b39256f2b16ea952a3ae1b77c067ff96e4155
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
(cherry picked from commit 1749388c)

Eirik Aavitsland authored Oct 25, 2021 and Albert Astals Cid committed Jan 03, 2023

Add an upper limit for height and width at 0xffff, same as jpeg.

Fixes: QTBUG-95891
Pick-to: 6.2 5.15 5.12
Change-Id: I0dbc80dab3aab9b4743548772fb63fa69ea21f8a
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit e544d8e4)

asturmlechner 2022-01-03: resolve conflict with preceding dev branch
  commit 0003ec68.

Allan Sandfeld Jensen authored Mar 05, 2021 and Albert Astals Cid committed Jan 03, 2023

Negative r values are illegal, and zero means empty for circles.

Pick-to: 6.1
Change-Id: Icb1d932f35909f71dafe1ee69eb2250eeb1bb2ad
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 4a88e194)

Albert Astals Cid authored Oct 11, 2021 and Albert Astals Cid committed Jan 03, 2023

Fixes: QTBUG-97421
Pick-to: 6.2
Change-Id: I41f3cbf8e747530a67fe5074a988ba49aeb43b8e
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit fc1e1878)

Albert Astals Cid authored Oct 11, 2021 and Albert Astals Cid committed Jan 03, 2023

Fixes: QTBUG-97422
Pick-to: 6.2
Change-Id: I4df2af0e657f241af69480e6e30d454870df51d8
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 4531aad9)

Robert Löhning authored Feb 17, 2021 and Albert Astals Cid committed Jan 03, 2023

Fixes oss-fuzz issue 29873.

Pick-to: 6.0 6.1
Change-Id: I382683aa2d7d3cf2d05a0b8c41ebf21d032fbd7c
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit afde7ca3)

Change-Id: I6bfe5e884af627eb1f94853a8916b7824f964c40

Change-Id: I2b40c314384daa08cbb82df568bd2b5716b59291

Change-Id: If8c2bd3ed78ecf1384015f3376a958ec13d502cf

Change-Id: Iada998d00c8fbf9fd35ff7bdd6f87c3e8260aad6

Add an upper limit for height and width at 0xffff, same as jpeg.

Fixes: QTBUG-95891
Change-Id: I0dbc80dab3aab9b4743548772fb63fa69ea21f8a
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit e544d8e4

)
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>

The SVG spec mandates that path parsing should terminate on the first
error encountered, and an error be reported. To improve the handling
of corrupt files, implement such error handling, and also limit the
number of QPainterPath elements to a reasonable range.

Fixes: QTBUG-96044
Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
(cherry picked from commit 36cfd9ef

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Change-Id: If050853ddcdeaa4a245257205b26789a71ab6b77

The font size will be passed through a QFixed in
QFontEngineBox::ascent() and overflow there as well as in further places.

[ChangeLog] Avoid numerous overflows by limiting font size to 0xffff.
This fixes oss-fuzz issue 31701.

Change-Id: I2d00c5639804af9b056f0efc979e9899c5358cf7
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 76eeb072

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

The arc element takes some flag parameters, which could be mixed up
with the float parameters since svg does not require delimiting
characters here. Hence legal svg would be misread..

Fixes: QTBUG-92184
Change-Id: I5885c50d47e2e06ab0f02afefb7a5585c5c713ff
Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
(cherry picked from commit b313862f)

Color animation duration parsing mixed seconds and milliseconds.

Factor out a common function for all clock value parsing, and
add checking for overflow and illegal values as a driveby..

Fixes: QTBUG-94878
Change-Id: Ie1d974cd2db55a3d65d7ce02c373021021070489
Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
(cherry picked from commit 1da0a668)

Change-Id: I865ca4a5518a77e17bd742e0307ff53e79b73b15

The canRead() header checks assumed 8 bit encoding.

Fixes: QTBUG-90744
Change-Id: Ibe934fe9ed31b89ee0fbfc4562aa66ab1b359225
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 45fb1f07

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

This reverts commit 6d3ab4cd

.

Revert of commercial license headers is required for Qt 5.15.3
opensource release.

Task-number: QTBUG-91108
Change-Id: Ifaeb5555390c7b45bee0a3aa1dec67157ad3475f
Reviewed-by: Jukka Jokiniva <jukka.jokiniva@qt.io>

Parts of our rendering assumes incoming doubles can still be sane
floats.

Fixes: QTBUG-91507
Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit bfd6ee0d

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Change-Id: I957cbe92ac81f26424e19e77db97c059baea40b9

Updated header.COMM to the files in tqtc-qtsvg. Examples, tests or
documentation files are not updated.

The commercial license header may contain
some additional lines so that its line count
equals with the earlier license header. Reason
for this is that some autotests use hard coded line
numbers and a change in the line count causes
failures in tests.

Task-number: QTQAINFRA-4162
Change-Id: Iedfe87d55dc1967f8340101279c647f1cf3534ca
Reviewed-by: Antti Kokko <antti.kokko@qt.io>

Catch cases where the input is not containable in a qreal, and avoid
passing on inf values.

Change-Id: I1ab8932d94473916815385240c29e03afb0e0c9e
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 428d56da

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Change-Id: Ic1028c7ee449c807933dfc0564052f778026fdea

+ ba2477be Initialize QSvgHandler with QBuffer instead of QByteArray
+ cd30c2e9 Don't return partially inflated QByteArray
+ 46c22c4c Implement basic format check also for compressed svgs
+ 73430f7a Avoid recursion when inflating compressed svgs
- eca805bb Add changes file for Qt 5.15.1
+ e3c639e7 Doc: Fix linking to Qt Designer Manual
+ fdbe89e4 Change classification of XSVG License
+ 9bb27523 Bump version
+ 4433f21a Reject corrupt svgs with invalid size
+ 7dce014c

 Allow loading SVG files with a doctype declaration

Change-Id: If2ec6447c081c389b8513c2710498c41f3aa2266
Reviewed-by: Andy Shaw <andy.shaw@qt.io>
(cherry picked from commit 52d3788c

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Change-Id: I08a4c977fe1652853e79ea6ce53b071db72b6986
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
(cherry picked from commit 261ed79b

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

SVGs may have a DOCTYPE declaration
(https://www.w3.org/TR/2003/REC-SVGMobile-20030114/

)
in their first line.

This patch makes sure those SVGs are loaded properly

Fixes: QTBUG-87583
Change-Id: Ia3dcb519b6ee2b498dc81ef496764d99ea6c4a9a
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 2f63ddc6

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Fixes oss-fuzz-24735.

Change-Id: I626905562d37b1e53bd346b13bd88894401818ca
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit fcbbc73a

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Change-Id: Ie6fbc1b76d38331183ff3ecc88c776b34c17f1d8

[ChangeLog][Third-Party Code] XSVG license was re-classified to
HPND-sell-variant, "Historical Permission Notice and Disclaimer - sell variant"

https://spdx.org/licenses/HPND-sell-variant.html



Change-Id: Icff6d7f072f0d4b64bd1c5ce703c8c007184ad8a
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
(cherry picked from commit 8b7f3b4b

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Change-Id: I9e431a046edb55f060f25ed9fa8aab176647edf4
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
(cherry picked from commit 9c07d27e

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Change-Id: I9319edddd80c420c4de8b3e4ccb83d0e26307970
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
(cherry picked from commit 6b444e83

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Avoid the possibility of recursion loop for corrupt compressed files,
and generally simplify the code, particularly the handling of the
QT_NO_COMPRESS flag.

Change-Id: Ic21a4814a45c4303cc366152be65ae54fa973461
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 3d678248

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

For uncompressed files, QSvgIOhandler::canRead() will reject any file
that does not start out with a svg or xml tag. That rudimentary check
was never done for compressed files (svgz).

Implement the check during the decompressing itself, so that we can
fail early and not waste time and memory decompressing potentially
huge files that are anyway not valid svgs.

Fixes: oss-fuzz-24611
Change-Id: I154efd8adafe7f09307e8b28a66b536539b1e4bd
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 93466dad

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

We're already stopping the extraction because we're running out of
memory. It's no use to return this provisional result.

Task-number: oss-fuzz-24611
Change-Id: Iea5a65a0f30b7a03c5405017c21cd9495a7c2971
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 103aace3

)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>