TDE
/
tqt3
mirror of https://mirror.git.trinitydesktop.org/gitea/TDE/tqt3
0
0
Fork 0
Code Issues Releases Wiki Activity

bmp image: check for out of range image size.

Browse Source 
Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.

Based on Qt5 patch for CVE-2018-19873.

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit 5a61151fe9)
r14.0.x r14.0.6
Slávek Banko 5 years ago
parent a195af105a
commit ff46bf1d82
No known key found for this signature in database
GPG Key ID: 608F5293A04BE668
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
src/kernel/qimage.cpp
Unescape View File

@ -4667,6 +4667,8 @@ bool read_dib( TQDataStream& s, int offset, int startpos, TQImage& image )
if ( !(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) ||
(nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)) )
return FALSE; // weird compression type
if ((w < 0) || ((w * abs(h)) > (16384 * 16384)))
return FALSE;
int ncols;
int depth;

Write Preview
Loading…
Cancel
Save