Fix security issue CVE-2015-0295

[taken from RedHat Qt3 patches] (cherry picked from commit b3037160f25730efca66966559779559a4946bf3)
author: Slávek Banko <[email protected]> 2015-03-09 22:35:10 +0100
committer: Slávek Banko <[email protected]> 2015-03-09 22:38:58 +0100
commit: a0008cd747a3ebcccedee198eee5d9de21fc05c9 (patch)
tree: 32ae34da2a7b90799897bbc91623f60c7d651a4a /src
parent: 5184b53b9bb7482df4092d8fd0b976ade554ba45 (diff)
download: qt3-a0008cd747a3ebcccedee198eee5d9de21fc05c9.tar.gz
qt3-a0008cd747a3ebcccedee198eee5d9de21fc05c9.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/kernel/qimage.cpp b/src/kernel/qimage.cpp
index 4c489d2..60a9a5d 100644
--- a/src/kernel/qimage.cpp
+++ b/src/kernel/qimage.cpp
@@ -4716,10 +4716,16 @@ bool read_dib( QDataStream& s, int offset, int startpos, QImage& image )
 	if ( (Q_ULONG)d->readBlock( (char *)&blue_mask, sizeof(blue_mask) ) != sizeof(blue_mask) )
 	    return FALSE;
 	red_shift = calc_shift(red_mask);
+	if (((red_mask >> red_shift) + 1) == 0)
+	    return FALSE;
 	red_scale = 256 / ((red_mask >> red_shift) + 1);
 	green_shift = calc_shift(green_mask);
+	if (((green_mask >> green_shift) + 1) == 0)
+	    return FALSE;
 	green_scale = 256 / ((green_mask >> green_shift) + 1);
 	blue_shift = calc_shift(blue_mask);
+	if (((blue_mask >> blue_shift) + 1) == 0)
+	    return FALSE;
 	blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
     } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
 	blue_mask = 0x000000ff;
author	Slávek Banko <[email protected]>	2015-03-09 22:35:10 +0100
committer	Slávek Banko <[email protected]>	2015-03-09 22:38:58 +0100
commit	a0008cd747a3ebcccedee198eee5d9de21fc05c9 (patch)
tree	32ae34da2a7b90799897bbc91623f60c7d651a4a /src
parent	5184b53b9bb7482df4092d8fd0b976ade554ba45 (diff)
download	qt3-a0008cd747a3ebcccedee198eee5d9de21fc05c9.tar.gz qt3-a0008cd747a3ebcccedee198eee5d9de21fc05c9.zip