summaryrefslogtreecommitdiffstats
path: root/src/kernel
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2019-01-28 11:46:21 +0100
committerSlávek Banko <slavek.banko@axis.cz>2019-03-03 15:33:15 +0100
commitac1b4232ffc2b02bc4ab2e04e5451fa40b62a93e (patch)
tree5ec7a2abab9ef7cae772e387c353aff2519596a7 /src/kernel
parentc966e917a9f092e8b35e1f274dcddebdcb77c3e0 (diff)
downloadqt3-ac1b4232ffc2b02bc4ab2e04e5451fa40b62a93e.tar.gz
qt3-ac1b4232ffc2b02bc4ab2e04e5451fa40b62a93e.zip
Check for QImage allocation failure in qasyncimageio.
Since image files easily can be (or corrupt files claim to be) huge, it is worth checking for out of memory situations. Based on Qt5 patch for CVE-2018-19870. Signed-off-by: Slávek Banko <slavek.banko@axis.cz> (cherry picked from commit a04cfea092d974109c6a883f26762be984805c8e)
Diffstat (limited to 'src/kernel')
-rw-r--r--src/kernel/qasyncimageio.cpp9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index 7be8ddb..18b3cca 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -964,9 +964,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer,
if (backingstore.width() < w
|| backingstore.height() < h) {
// We just use the backing store as a byte array
- backingstore.create( QMAX(backingstore.width(), w),
- QMAX(backingstore.height(), h),
- 32);
+ if(!backingstore.create( QMAX(backingstore.width(), w),
+ QMAX(backingstore.height(), h),
+ 32)) {
+ state = Error;
+ return -1;
+ }
memset( img.bits(), 0, img.numBytes() );
}
for (int ln=0; ln<h; ln++) {