diff options
author | Slávek Banko <[email protected]> | 2015-03-09 22:33:13 +0100 |
---|---|---|
committer | Slávek Banko <[email protected]> | 2015-03-09 22:38:57 +0100 |
commit | 5184b53b9bb7482df4092d8fd0b976ade554ba45 (patch) | |
tree | aefcfc7daefece02b8375ecffb5138f1453b9e72 | |
parent | 2383ee57b0ca9f342f34cf46f57eb3a407ed79ab (diff) | |
download | qt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.tar.gz qt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.zip |
Fix security issue CVE-2014-0190
[taken from RedHat Qt3 patches]
(cherry picked from commit ad74a11abf9d62389a6bd74a6edf9cd73e36c8f7)
-rw-r--r-- | src/kernel/qasyncimageio.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp index 8ecd1eb..e16125b 100644 --- a/src/kernel/qasyncimageio.cpp +++ b/src/kernel/qasyncimageio.cpp @@ -904,7 +904,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer, sheight = newtop + newheight; if (img.isNull()) { - img.create(swidth, sheight, 32); + if (!img.create(swidth, sheight, 32)) { + // Check if the attempt to create the image failed. If + // it did, the image is broken and we should give up. + state = Error; + return -1; + } memset( img.bits(), 0, img.numBytes() ); if (consumer) consumer->setSize(swidth, sheight); } |