TDE
/
tqt3
mirror of https://mirror.git.trinitydesktop.org/gitea/TDE/tqt3
0
0
Fork 0
Code Issues Releases Wiki Activity

Fix crash in tqimage for certain malformed ppm image files

Browse Source 
The ppm format specifies that the maximum color value field must be
less than 65536. The handler did not enforce this, leading to
potentional overflow when the value was used in 16 bits context.

Based on Qt5 patch for CVE-2018-19872.

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
pull/23/head
Slávek Banko 5 years ago
parent da15dfe6d7
commit 4470facd61
No known key found for this signature in database
GPG Key ID: 608F5293A04BE668
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/kernel/qimage.cpp
Unescape View File

@ -5196,7 +5196,7 @@ static void read_pbm_image( TQImageIO *iio ) // read PBM image data
mcc = 1; // ignore max color component
else
mcc = read_pbm_int( d ); // get max color component
if ( w <= 0 || w > 32767 || h <= 0 || h > 32767 || mcc <= 0 )
if ( w <= 0 || w > 32767 || h <= 0 || h > 32767 || mcc <= 0 || mcc > 0xffff )
return; // weird P.M image
int maxc = mcc;

Write Preview
Loading…
Cancel
Save