diff options
author | Slávek Banko <slavek.banko@axis.cz> | 2015-03-09 22:33:13 +0100 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2015-12-13 00:37:01 +0100 |
commit | 2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd (patch) | |
tree | c44d7dd9826203886477e3e9c44e1d55391c64f8 /src/kernel | |
parent | 635d3fe606632d01dd8c98ec33a8a0c605644e21 (diff) | |
download | qt3-2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd.tar.gz qt3-2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd.zip |
Fix security issue CVE-2014-0190
[taken from RedHat Qt3 patches]
(cherry picked from commit ad74a11abf9d62389a6bd74a6edf9cd73e36c8f7)
Diffstat (limited to 'src/kernel')
-rw-r--r-- | src/kernel/qasyncimageio.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp index 8ecd1eb..e16125b 100644 --- a/src/kernel/qasyncimageio.cpp +++ b/src/kernel/qasyncimageio.cpp @@ -904,7 +904,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer, sheight = newtop + newheight; if (img.isNull()) { - img.create(swidth, sheight, 32); + if (!img.create(swidth, sheight, 32)) { + // Check if the attempt to create the image failed. If + // it did, the image is broken and we should give up. + state = Error; + return -1; + } memset( img.bits(), 0, img.numBytes() ); if (consumer) consumer->setSize(swidth, sheight); } |