rdieter pushed to qt5-qtbase (epel7). "Crash due to unsafe access to QTextLayout::lineCount (#1207279, QTBUG-43562)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Mon Apr 13 17:51:53 UTC 2015
>From 21c37f05b959186ac453af4a13192a47c35ceebf Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter at math.unl.edu>
Date: Mon, 30 Mar 2015 10:33:49 -0500
Subject: Crash due to unsafe access to QTextLayout::lineCount
(#1207279,QTBUG-43562)
diff --git a/0012-Fix-a-crash-in-QPlainTextEdit-documentChanged.patch b/0012-Fix-a-crash-in-QPlainTextEdit-documentChanged.patch
new file mode 100644
index 0000000..bd6c3a8
--- /dev/null
+++ b/0012-Fix-a-crash-in-QPlainTextEdit-documentChanged.patch
@@ -0,0 +1,85 @@
+From 890ae41d0601d20505df2f955a99d0238bf4f59e Mon Sep 17 00:00:00 2001
+From: Pierre Rossi <pierre.rossi at theqtcompany.com>
+Date: Wed, 7 Jan 2015 16:16:23 +0100
+Subject: [PATCH 012/223] Fix a crash in QPlainTextEdit::documentChanged
+
+The layout for an invalid block is very likely to be null, it
+shouldn't be accessed without checking the block's validity first.
+We can make the check a bit more conservative and simply check that
+the block isn't empty.
+
+Change-Id: Ic1459a6168b1b8ce36e9c6d019dc28653676efbe
+Task-number: QTBUG-43562
+Reviewed-by: Simon Hausmann <simon.hausmann at digia.com>
+---
+ src/widgets/widgets/qplaintextedit.cpp | 3 +-
+ .../widgets/qplaintextedit/tst_qplaintextedit.cpp | 33 ++++++++++++++++++++++
+ 2 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/src/widgets/widgets/qplaintextedit.cpp b/src/widgets/widgets/qplaintextedit.cpp
+index 72a556d..e56fd11 100644
+--- a/src/widgets/widgets/qplaintextedit.cpp
++++ b/src/widgets/widgets/qplaintextedit.cpp
+@@ -288,8 +288,7 @@ void QPlainTextDocumentLayout::documentChanged(int from, int charsRemoved, int c
+
+ if (changeStartBlock == changeEndBlock && newBlockCount == d->blockCount) {
+ QTextBlock block = changeStartBlock;
+- int blockLineCount = block.layout()->lineCount();
+- if (block.isValid() && blockLineCount) {
++ if (block.isValid() && block.length()) {
+ QRectF oldBr = blockBoundingRect(block);
+ layoutBlock(block);
+ QRectF newBr = blockBoundingRect(block);
+diff --git a/tests/auto/widgets/widgets/qplaintextedit/tst_qplaintextedit.cpp b/tests/auto/widgets/widgets/qplaintextedit/tst_qplaintextedit.cpp
+index d8e7fb7..cf495e2 100644
+--- a/tests/auto/widgets/widgets/qplaintextedit/tst_qplaintextedit.cpp
++++ b/tests/auto/widgets/widgets/qplaintextedit/tst_qplaintextedit.cpp
+@@ -148,6 +148,7 @@ private slots:
+ #endif
+ void layoutAfterMultiLineRemove();
+ void undoCommandRemovesAndReinsertsBlock();
++ void taskQTBUG_43562_lineCountCrash();
+
+ private:
+ void createSelection();
+@@ -1629,5 +1630,37 @@ void tst_QPlainTextEdit::undoCommandRemovesAndReinsertsBlock()
+
+ }
+
++class ContentsChangedFunctor {
++public:
++ ContentsChangedFunctor(QPlainTextEdit *t) : textEdit(t) {}
++ void operator()(int, int, int)
++ {
++ QTextCursor c(textEdit->textCursor());
++ c.beginEditBlock();
++ c.movePosition(QTextCursor::Start);
++ c.movePosition(QTextCursor::End, QTextCursor::KeepAnchor);
++ c.setCharFormat(QTextCharFormat());
++ c.endEditBlock();
++ }
++
++private:
++ QPlainTextEdit *textEdit;
++};
++
++void tst_QPlainTextEdit::taskQTBUG_43562_lineCountCrash()
++{
++ connect(ed->document(), &QTextDocument::contentsChange, ContentsChangedFunctor(ed));
++ // Don't crash
++ QTest::keyClicks(ed, "Some text");
++ QTest::keyClick(ed, Qt::Key_Left);
++ QTest::keyClick(ed, Qt::Key_Right);
++ QTest::keyClick(ed, Qt::Key_A);
++ QTest::keyClick(ed, Qt::Key_Left);
++ QTest::keyClick(ed, Qt::Key_Right);
++ QTest::keyClick(ed, Qt::Key_Space);
++ QTest::keyClicks(ed, "nd some more");
++ disconnect(ed->document(), SIGNAL(contentsChange(int, int, int)), 0, 0);
++}
++
+ QTEST_MAIN(tst_QPlainTextEdit)
+ #include "tst_qplaintextedit.moc"
+--
+1.9.3
+
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index c885f9d..08a359a 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -37,7 +37,7 @@
Summary: Qt5 - QtBase components
Name: qt5-qtbase
Version: 5.4.1
-Release: 5%{?dist}
+Release: 6%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -104,6 +104,7 @@ Patch207: qt5-qtbase-5.5-0007-xcb-create-a-screen-if-dimensions-are-known-but-ou
Patch208: qt5-qtbase-5.5-Get_display_number_when_screen_number_is_omitted.patch
+Patch212: 0012-Fix-a-crash-in-QPlainTextEdit-documentChanged.patch
Patch272: 0072-CMake-Fix-QObject-connect-failing-on-ARM.patch
Patch294: 0094-Fix-Meta-.-shortcuts-on-XCB.patch
Patch332: 0132-Call-ofono-nm-Registered-delayed-in-constructor-othe.patch
@@ -364,6 +365,7 @@ rm -fv mkspecs/linux-g++*/qmake.conf.multilib-optflags
%patch207 -p1 -b .xcb0007
%patch208 -p1 -b .ibus_get_display_number
+%patch212 -p1 -b .0012
%patch272 -p1 -b .0072
%patch294 -p1 -b .0094
%patch332 -p1 -b .0132
@@ -879,6 +881,9 @@ fi
%changelog
+* Mon Mar 30 2015 Rex Dieter <rdieter at fedoraproject.org> 5.4.1-6
+- Crash due to unsafe access to QTextLayout::lineCount (#1207279,QTBUG-43562)
+
* Mon Mar 30 2015 Rex Dieter <rdieter at fedoraproject.org> 5.4.1-5
- unable to use input methods in ibus-1.5.10 (#1203575)
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/qt5-qtbase.git/commit/?h=epel7&id=21c37f05b959186ac453af4a13192a47c35ceebf
More information about the scm-commits
mailing list