From 83036c3af1ff5439b9106a31738650c54920e475 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?=
Date: Mon, 28 Jan 2019 10:56:46 +0100
Subject: [PATCH] Check for TQImage allocation failure in qasyncimageio.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since image files easily can be (or corrupt files claim to be) huge, it is worth checking for out of memory situations. Based on Qt5 patch for CVE-2018-19870.

Signed-off-by: Slávek Banko
---
src/kernel/qasyncimageio.cpp | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index a8196e93..8605c79a 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -964,9 +964,12 @@ int TQGIFFormat::decode(TQImage& img, TQImageConsumer* consumer, if (backingstore.width() < w || backingstore.height() < h) { // We just use the backing store as a byte array - backingstore.create( TQMAX(backingstore.width(), w), - TQMAX(backingstore.height(), h), - 32); + if(!backingstore.create( TQMAX(backingstore.width(), w), + TQMAX(backingstore.height(), h), + 32)) { + state = Error; + return -1; + } memset( img.bits(), 0, img.numBytes() ); } for (int ln=0; ln
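Review bot: The `memset( img.bits(), 0, img.numBytes() );` that follows the new failure check clears `img`, not the `backingstore` that was just (re)created, so on the visible lines the freshly allocated backing store is never zeroed here. Whether that is intended cannot be told from the hunk, but this path sizes a buffer from `w` and `h`, which presumably come from the image data, so it is worth confirming. If the backing store is the intended target the line would read `memset( backingstore.bits(), 0, backingstore.numBytes() );`. A short comment above the new check, for example `// create() fails when the requested size cannot be allocated; abort decoding`, would also record why the decoder enters `Error` here. `TQGIFFormat::decode` starts and ends outside the hunk, so any other allocations in it are not covered by this review.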