28 lines
1.3 KiB
Diff
28 lines
1.3 KiB
Diff
|
From 621ab8ab59901cc3f9bd98be709929c9eac997a8 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
|
||
|
|
Date: Tue, 4 Sep 2018 11:08:06 +0200
|
||
|
|
Subject: [PATCH] bmp image handler: check for out of range image size
|
||
|
|
|
||
|
|
Make the decoder fail early to avoid spending time and memory on
|
||
|
|
attempting to decode a corrupt image file.
|
||
|
|
|
||
|
|
Change-Id: I874e04f3b43122d73f8e58c7a5bcc4a741b68264
|
||
|
|
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
||
|
|
---
|
||
|
|
src/gui/image/qbmphandler.cpp | 2 ++
|
||
|
|
1 file changed, 2 insertions(+)
|
||
|
|
|
||
|
|
Index: qtbase-opensource-src-5.5.1+dfsg/src/gui/image/qbmphandler.cpp
|
||
|
|
===================================================================
|
||
|
|
--- qtbase-opensource-src-5.5.1+dfsg.orig/src/gui/image/qbmphandler.cpp 2019-02-05 13:20:23.396119556 -0500
|
||
|
|
+++ qtbase-opensource-src-5.5.1+dfsg/src/gui/image/qbmphandler.cpp 2019-02-05 13:20:23.392119539 -0500
|
||
|
|
@@ -173,6 +173,8 @@ static bool read_dib_infoheader(QDataStr
|
||
|
|
if (!(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) ||
|
||
|
|
(nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)))
|
||
|
|
return false; // weird compression type
|
||
|
|
+ if (bi.biWidth < 0 || quint64(bi.biWidth) * qAbs(bi.biHeight) > 16384 * 16384)
|
||
|
|
+ return false;
|
||
|
|
|
||
|
|
return true;
|
||
|
|
}
|