Details
-
Bug
-
Resolution: Incomplete
-
Not Evaluated
-
None
-
4.7.2
-
None
-
Windows 7, Qt 4.7.2 open source edition
Description
We have to display strings that we receive from untrusted sources over the network. During fuzzing tests we found this crash:
I attached example code so that you can reproduce the problem.
Related to QTBUG-17238
> QtCored4.dll!HB_OpenTypePosition(HB_ShaperItem_ * item=0x0015d698, int availableGlyphs=0x000000ea, unsigned char doLogClusters='') Line 1202 + 0x26 bytes C++
QtCored4.dll!HB_BasicShape(HB_ShaperItem_ * shaper_item=0x0015d698) Line 575 + 0xf bytes C++
QtCored4.dll!HB_ShapeItem(HB_ShaperItem_ * shaper_item=0x0015d698) Line 1334 + 0x13 bytes C++
QtCored4.dll!qShapeItem(HB_ShaperItem_ * item=0x0015d698) Line 120 + 0x9 bytes C++
QtGuid4.dll!QTextEngine::shapeTextWithHarfbuzz(int item=0x00000000) Line 1275 + 0xd bytes C++
QtGuid4.dll!QTextEngine::shapeText(int item=0x00000000) Line 877 C++
QtGuid4.dll!QTextEngine::shape(int item=0x00000000) Line 1383 C++
QtGuid4.dll!QTextLine::layout_helper(int maxGlyphs=0x7fffffff) Line 1837 C++
QtGuid4.dll!QTextLine::setLineWidth(double width=229.00000000000000) Line 1625 C++
QtGuid4.dll!QTextDocumentLayoutPrivate::layoutBlock(const QTextBlock & bl={...}, QTextLayoutStruct * layoutStruct=0x0015ea30, int layoutFrom=0x0000a381, int layoutTo=0x7fffffff, const QTextBlockFormat * previousBlockFormat=0x0015e838) Line 2603 C++
QtGuid4.dll!QTextDocumentLayoutPrivate::layoutFlow(QTextFrame::iterator it={...}) Line 2408 C++
QtGuid4.dll!QTextDocumentLayoutPrivate::layoutFrame(QTextFrame * f=0x02344a48, int layoutFrom=0x0000a381, int layoutTo=0x7fffffff, QFixed frameWidth={...}, QFixed parentY={...}) Line 2147 C++
QtGuid4.dll!QTextDocumentLayoutPrivate::layoutFrame(QTextFrame * f=0x02344a48, int layoutFrom=0x0000a381, int layoutTo=0x7fffffff, QFixed parentY={...}) Line 2051 + 0x27 bytes C++
QtGuid4.dll!QTextDocumentLayout::doLayout(int from=0x0000a381, int oldLength=0x00000000, int length=0x7fff5c7e) Line 2914 + 0x25 bytes C++
QtGuid4.dll!QTextDocumentLayoutPrivate::ensureLayoutedByPosition(int position=0x0005b3ec) Line 3077 C++
QtGuid4.dll!QTextDocumentLayout::blockBoundingRect(const QTextBlock & block=
QtGuid4.dll!QTextControl::blockBoundingRect(const QTextBlock & block={...}) Line 2956 + 0x23 bytes C++
QtGuid4.dll!QTextControlPrivate::rectForPosition(int position=0x0005b3eb) Line 1325 + 0x1c bytes C++
QtGuid4.dll!QTextControl::ensureCursorVisible() Line 2847 + 0x44 bytes C++
QtGuid4.dll!QTextEdit::ensureCursorVisible() Line 2633 C++
QtGuid4.dll!QTextEdit::showEvent(QShowEvent * __formal=0x0015f788) Line 1746 C++
QtGuid4.dll!QWidget::event(QEvent * event=0x0015f788) Line 8467 C++
QtGuid4.dll!QFrame::event(QEvent * e=0x0015f788) Line 557 + 0xc bytes C++
QtGuid4.dll!QAbstractScrollArea::event(QEvent * e=0x0015f788) Line 996 + 0xc bytes C++
QtGuid4.dll!QTextEdit::event(QEvent * e=0x0015f788) Line 1071 C++
QtGuid4.dll!QTextBrowser::event(QEvent * e=0x0015f788) Line 1269 C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0015f838, QEvent * e=0x0015f788) Line 4462 + 0x11 bytes C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x0015f838, QEvent * e=0x0015f788) Line 4427 + 0x10 bytes C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0015f838, QEvent * event=0x0015f788) Line 731 + 0x15 bytes C++
QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x0015f838, QEvent * event=0x0015f788) Line 215 + 0x39 bytes C++
QtGuid4.dll!QWidgetPrivate::show_helper() Line 7439 + 0xe bytes C++
QtGuid4.dll!QWidget::setVisible(bool visible=true) Line 7664 C++
QtGuid4.dll!QWidget::show() Line 487 + 0x16 bytes C++
hafbuzz_crash.exe!main(int argc=0x00000001, char * * argv=0x02336170) Line 26 C++
hafbuzz_crash.exe!WinMain(HINSTANCE__ * instance=0x009c0000, HINSTANCE__ * prevInstance=0x00000000, char * __formal=0x0039544f, int cmdShow=0x00000001) Line 131 + 0x12 bytes C++
hafbuzz_crash.exe!__tmainCRTStartup() Line 578 + 0x35 bytes C
hafbuzz_crash.exe!WinMainCRTStartup() Line 403 C