Check for TQImage allocation failure in qasyncimageio.

Since image files easily can be (or corrupt files claim to be) huge, it is worth checking for out of memory situations. Based on Qt5 patch for CVE-2018-19870. Signed-off-by: Slávek Banko <[email protected]>
author: Slávek Banko <[email protected]> 2019-01-28 10:56:46 +0100
committer: Slávek Banko <[email protected]> 2019-03-03 15:36:55 +0100
commit: 83036c3af1ff5439b9106a31738650c54920e475 (patch)
tree: 65931e8857a88f1205e2b659d671ad585acdb247 /src/kernel/qasyncimageio.cpp
parent: b7be699a0982bb35f229337616bb24795d4762ed (diff)
download: tqt3-83036c3af1ff5439b9106a31738650c54920e475.tar.gz
tqt3-83036c3af1ff5439b9106a31738650c54920e475.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index a8196e93a..8605c79ad 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -964,9 +964,12 @@ int TQGIFFormat::decode(TQImage& img, TQImageConsumer* consumer,
 		    if (backingstore.width() < w
 			|| backingstore.height() < h) {
 			// We just use the backing store as a byte array
-			backingstore.create( TQMAX(backingstore.width(), w),
-					     TQMAX(backingstore.height(), h),
-					     32);
+			if(!backingstore.create( TQMAX(backingstore.width(), w),
+						 TQMAX(backingstore.height(), h),
+						 32)) {
+				state = Error;
+				return -1;
+			}
 			memset( img.bits(), 0, img.numBytes() );
 		    }
 		    for (int ln=0; ln<h; ln++) {
author	Slávek Banko <[email protected]>	2019-01-28 10:56:46 +0100
committer	Slávek Banko <[email protected]>	2019-03-03 15:36:55 +0100
commit	83036c3af1ff5439b9106a31738650c54920e475 (patch)
tree	65931e8857a88f1205e2b659d671ad585acdb247 /src/kernel/qasyncimageio.cpp
parent	b7be699a0982bb35f229337616bb24795d4762ed (diff)
download	tqt3-83036c3af1ff5439b9106a31738650c54920e475.tar.gz tqt3-83036c3af1ff5439b9106a31738650c54920e475.zip