From 64d9c07d5709e9bcb0b676d55c4a5b303599f708 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= Date: Mon, 9 Mar 2015 22:35:08 +0100 Subject: Fix security issue CVE-2015-0295 [taken from RedHat Qt3 patches] --- src/kernel/qimage.cpp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/kernel/qimage.cpp') diff --git a/src/kernel/qimage.cpp b/src/kernel/qimage.cpp index a22b744a9..ab42e188b 100644 --- a/src/kernel/qimage.cpp +++ b/src/kernel/qimage.cpp @@ -4716,10 +4716,16 @@ bool read_dib( TQDataStream& s, int offset, int startpos, TQImage& image ) if ( (TQ_ULONG)d->readBlock( (char *)&blue_mask, sizeof(blue_mask) ) != sizeof(blue_mask) ) return FALSE; red_shift = calc_shift(red_mask); + if (((red_mask >> red_shift) + 1) == 0) + return FALSE; red_scale = 256 / ((red_mask >> red_shift) + 1); green_shift = calc_shift(green_mask); + if (((green_mask >> green_shift) + 1) == 0) + return FALSE; green_scale = 256 / ((green_mask >> green_shift) + 1); blue_shift = calc_shift(blue_mask); + if (((blue_mask >> blue_shift) + 1) == 0) + return FALSE; blue_scale = 256 / ((blue_mask >> blue_shift) + 1); } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) { blue_mask = 0x000000ff; -- cgit v1.2.1