Fix security issue CVE-2015-0295

[taken from RedHat Qt3 patches] (cherry picked from commit 64d9c07d5709e9bcb0b676d55c4a5b303599f708)
author: Slávek Banko <slavek.banko@axis.cz> 2015-03-09 22:35:08 +0100
committer: Slávek Banko <slavek.banko@axis.cz> 2015-03-09 22:38:34 +0100
commit: 2dbd340ba29c2689c1974a942b9d4e63c51d66e8 (patch)
tree: 1ef511f5855263580d91bff7bd711b2cb1600a5b /src
parent: f457b176b5e94faffc78cdef05d9e99b7ad90e64 (diff)
download: tqt3-2dbd340ba29c2689c1974a942b9d4e63c51d66e8.tar.gz
tqt3-2dbd340ba29c2689c1974a942b9d4e63c51d66e8.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/kernel/qimage.cpp b/src/kernel/qimage.cpp
index a22b744a9..ab42e188b 100644
--- a/src/kernel/qimage.cpp
+++ b/src/kernel/qimage.cpp
@@ -4716,10 +4716,16 @@ bool read_dib( TQDataStream& s, int offset, int startpos, TQImage& image )
 	if ( (TQ_ULONG)d->readBlock( (char *)&blue_mask, sizeof(blue_mask) ) != sizeof(blue_mask) )
 	    return FALSE;
 	red_shift = calc_shift(red_mask);
+	if (((red_mask >> red_shift) + 1) == 0)
+	    return FALSE;
 	red_scale = 256 / ((red_mask >> red_shift) + 1);
 	green_shift = calc_shift(green_mask);
+	if (((green_mask >> green_shift) + 1) == 0)
+	    return FALSE;
 	green_scale = 256 / ((green_mask >> green_shift) + 1);
 	blue_shift = calc_shift(blue_mask);
+	if (((blue_mask >> blue_shift) + 1) == 0)
+	    return FALSE;
 	blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
     } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
 	blue_mask = 0x000000ff;
author	Slávek Banko <slavek.banko@axis.cz>	2015-03-09 22:35:08 +0100
committer	Slávek Banko <slavek.banko@axis.cz>	2015-03-09 22:38:34 +0100
commit	2dbd340ba29c2689c1974a942b9d4e63c51d66e8 (patch)
tree	1ef511f5855263580d91bff7bd711b2cb1600a5b /src
parent	f457b176b5e94faffc78cdef05d9e99b7ad90e64 (diff)
download	tqt3-2dbd340ba29c2689c1974a942b9d4e63c51d66e8.tar.gz tqt3-2dbd340ba29c2689c1974a942b9d4e63c51d66e8.zip