Avoid crash in blitting or fast draw when QPointF is too big

Change-Id: I88182d5d95fda15d33836f16dee78167685b3765
Fixes: QTBUG-72392
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Tim Jenssen <tim.jenssen@qt.io>

src/gui/painting/qpaintengine_raster.cpp

@@ -997,6 +997,10 @@ void QRasterPaintEnginePrivate::drawImage(const QPointF &pt,
 {
     if (alpha == 0 || !clip.isValid())
         return;
+    if (pt.x() > qreal(clip.right()) || pt.y() > qreal(clip.bottom()))
+        return;
+    if ((pt.x() + img.width()) < qreal(clip.left()) || (pt.y() + img.height()) < qreal(clip.top()))
+        return;
 
     Q_ASSERT(img.depth() >= 8);
 
@@ -1063,6 +1067,10 @@ void QRasterPaintEnginePrivate::blitImage(const QPointF &pt,
 {
     if (!clip.isValid())
         return;
+    if (pt.x() > qreal(clip.right()) || pt.y() > qreal(clip.bottom()))
+        return;
+    if ((pt.x() + img.width()) < qreal(clip.left()) || (pt.y() + img.height()) < qreal(clip.top()))
+        return;
 
     Q_ASSERT(img.depth() >= 8);
 

tests/auto/gui/painting/qpainter/tst_qpainter.cpp

@@ -299,6 +299,8 @@ private slots:
 
     void fillPolygon();
 
+    void drawImageAtPointF();
+
 private:
     void fillData();
     void setPenColor(QPainter& p);
@@ -5292,6 +5294,20 @@ void tst_QPainter::fillPolygon()
     }
 }
 
+void tst_QPainter::drawImageAtPointF()
+{
+    // Just test we do not crash
+    QImage image1(10, 10, QImage::Format_RGB32);
+    QImage image2(200, 200, QImage::Format_RGB32);
+
+    QPainter paint(&image2);
+    paint.setClipRect(97, 46, 14, 14);
+    paint.setCompositionMode(QPainter::CompositionMode_Source);
+    paint.drawImage(QPointF(96, std::numeric_limits<int>::max()), image1);
+    paint.drawImage(QPointF(std::numeric_limits<int>::min(), 48), image1);
+    paint.end();
+}
+
 QTEST_MAIN(tst_QPainter)
 
 #include "tst_qpainter.moc"