summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSlávek Banko <[email protected]>2015-03-09 22:33:13 +0100
committerSlávek Banko <[email protected]>2015-03-09 22:38:57 +0100
commit5184b53b9bb7482df4092d8fd0b976ade554ba45 (patch)
treeaefcfc7daefece02b8375ecffb5138f1453b9e72
parent2383ee57b0ca9f342f34cf46f57eb3a407ed79ab (diff)
downloadqt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.tar.gz
qt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.zip
Fix security issue CVE-2014-0190
[taken from RedHat Qt3 patches] (cherry picked from commit ad74a11abf9d62389a6bd74a6edf9cd73e36c8f7)
-rw-r--r--src/kernel/qasyncimageio.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index 8ecd1eb..e16125b 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -904,7 +904,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer,
sheight = newtop + newheight;
if (img.isNull()) {
- img.create(swidth, sheight, 32);
+ if (!img.create(swidth, sheight, 32)) {
+ // Check if the attempt to create the image failed. If
+ // it did, the image is broken and we should give up.
+ state = Error;
+ return -1;
+ }
memset( img.bits(), 0, img.numBytes() );
if (consumer) consumer->setSize(swidth, sheight);
}