summaryrefslogtreecommitdiffstats
path: root/src/kernel
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2019-01-28 10:56:46 +0100
committerSlávek Banko <slavek.banko@axis.cz>2019-03-03 15:36:55 +0100
commit83036c3af1ff5439b9106a31738650c54920e475 (patch)
tree65931e8857a88f1205e2b659d671ad585acdb247 /src/kernel
parentb7be699a0982bb35f229337616bb24795d4762ed (diff)
downloadtqt3-83036c3af1ff5439b9106a31738650c54920e475.tar.gz
tqt3-83036c3af1ff5439b9106a31738650c54920e475.zip
Check for TQImage allocation failure in qasyncimageio.
Since image files easily can be (or corrupt files claim to be) huge, it is worth checking for out of memory situations. Based on Qt5 patch for CVE-2018-19870. Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
Diffstat (limited to 'src/kernel')
-rw-r--r--src/kernel/qasyncimageio.cpp9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index a8196e93a..8605c79ad 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -964,9 +964,12 @@ int TQGIFFormat::decode(TQImage& img, TQImageConsumer* consumer,
if (backingstore.width() < w
|| backingstore.height() < h) {
// We just use the backing store as a byte array
- backingstore.create( TQMAX(backingstore.width(), w),
- TQMAX(backingstore.height(), h),
- 32);
+ if(!backingstore.create( TQMAX(backingstore.width(), w),
+ TQMAX(backingstore.height(), h),
+ 32)) {
+ state = Error;
+ return -1;
+ }
memset( img.bits(), 0, img.numBytes() );
}
for (int ln=0; ln<h; ln++) {