Check for QImage allocation failure in qasyncimageio.

Since image files easily can be (or corrupt files claim to be) huge, it is worth checking for out of memory situations. Based on Qt5 patch for CVE-2018-19870. Signed-off-by: Slávek Banko <slavek.banko@axis.cz> (cherry picked from commit a04cfea092)
5 years ago · 55c97eb0b3
parent d85c2df3c7
commit 55c97eb0b3
1 changed files with 6 additions and 3 deletions
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@ -964,9 +964,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer,
 		    if (backingstore.width() < w
 			|| backingstore.height() < h) {
 			// We just use the backing store as a byte array
-			backingstore.create( QMAX(backingstore.width(), w),
-					     QMAX(backingstore.height(), h),
-					     32);
+			if(!backingstore.create( QMAX(backingstore.width(), w),
+						 QMAX(backingstore.height(), h),
+						 32)) {
+				state = Error;
+				return -1;
+			}
 			memset( img.bits(), 0, img.numBytes() );
 		    }
 		    for (int ln=0; ln<h; ln++) {