summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2015-05-23 18:48:53 +0200
committerSlávek Banko <slavek.banko@axis.cz>2015-05-23 18:48:53 +0200
commit094708c0e7379cbc825488cd6101c6b8a610302a (patch)
tree9930ac4d25b5037e67cde9a264d9e2e672a254e9
parent64d9c07d5709e9bcb0b676d55c4a5b303599f708 (diff)
downloadtqt3-094708c0e7379cbc825488cd6101c6b8a610302a.tar.gz
tqt3-094708c0e7379cbc825488cd6101c6b8a610302a.zip
Fix security issue CVE-2015-1860
[taken from RedHat Qt3 patches]
-rw-r--r--src/kernel/qasyncimageio.cpp2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index 489d69af2..e26ef399d 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -1226,6 +1226,8 @@ void TQGIFFormat::fillRect(TQImage& img, int col, int row, int w, int h, TQRgb c
void TQGIFFormat::nextY(TQImage& img, TQImageConsumer* consumer)
{
+ if (out_of_bounds)
+ return;
int my;
switch (interlace) {
case 0: