Fix security issue CVE-2014-0190

[taken from RedHat Qt3 patches] (cherry picked from commit ad74a11abf9d62389a6bd74a6edf9cd73e36c8f7)
author: Slávek Banko <slavek.banko@axis.cz> 2015-03-09 22:33:13 +0100
committer: Slávek Banko <slavek.banko@axis.cz> 2015-12-13 00:37:01 +0100
commit: 2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd (patch)
tree: c44d7dd9826203886477e3e9c44e1d55391c64f8 /src/kernel
parent: 635d3fe606632d01dd8c98ec33a8a0c605644e21 (diff)
download: qt3-2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd.tar.gz
qt3-2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index 8ecd1eb..e16125b 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -904,7 +904,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer,
 		    sheight = newtop + newheight;
 
 		if (img.isNull()) {
-		    img.create(swidth, sheight, 32);
+		    if (!img.create(swidth, sheight, 32)) {
+			// Check if the attempt to create the image failed. If
+			// it did, the image is broken and we should give up.
+			state = Error;
+			return -1;
+		    }
 		    memset( img.bits(), 0, img.numBytes() );
 		    if (consumer) consumer->setSize(swidth, sheight);
 		}
author	Slávek Banko <slavek.banko@axis.cz>	2015-03-09 22:33:13 +0100
committer	Slávek Banko <slavek.banko@axis.cz>	2015-12-13 00:37:01 +0100
commit	2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd (patch)
tree	c44d7dd9826203886477e3e9c44e1d55391c64f8 /src/kernel
parent	635d3fe606632d01dd8c98ec33a8a0c605644e21 (diff)
download	qt3-2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd.tar.gz qt3-2e1f44ecf69b60af7e755d740d8fc05e9e0a73dd.zip