Handle desc tags the same way for OOB checks as the other tags

Including one entry of the value in the header is pointless after the unaligned access rewrite, and a potentially dangerous pattern, though safe here due to overchecking. Change-Id: I4c0380040f89920467c309503408f1df6f88423f Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> (cherry picked from commit 90e9974f1596cb6fd9cf15ddf9e34d15a387bb7b) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2021-02-26 10:22:10 +0100
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2021-03-02 14:17:14 +0000
commit: b9992fcf915d813791aaebfb95a1b6ae8c07f4da (patch)
tree: 2228622d21e3ae6e954a674d2d8cfde33626acd9
parent: c3c76517dd6b147d206e42450565919e78228b69 (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/src/gui/painting/qicc.cpp b/src/gui/painting/qicc.cpp
index 6739012a25..2e6d295ce5 100644
--- a/src/gui/painting/qicc.cpp
+++ b/src/gui/painting/qicc.cpp
@@ -176,7 +176,7 @@ struct ParaTagData : GenericTagData {
 
 struct DescTagData : GenericTagData {
     quint32_be asciiDescriptionLength;
-    char asciiDescription[1];
+    // followed by ascii description: char[]
     // .. we ignore the rest
 };
 
@@ -594,18 +594,14 @@ bool parseDesc(const QByteArray &data, const TagEntry &tagEntry, QString &descNa
 
     // Either 'desc' (ICCv2) or 'mluc' (ICCv4)
     if (tag.type == quint32(Tag::desc)) {
-        if (tagEntry.size < sizeof(DescTagData))
-            return false;
+        Q_STATIC_ASSERT(sizeof(DescTagData) == 12);
         const DescTagData desc = qFromUnaligned<DescTagData>(data.constData() + tagEntry.offset);
         const quint32 len = desc.asciiDescriptionLength;
         if (len < 1)
             return false;
         if (tagEntry.size - 12 < len)
             return false;
-        static_assert(sizeof(GenericTagData) == 2 * sizeof(quint32_be),
-                      "GenericTagData has padding. The following code is a subject to UB.");
-        const char *asciiDescription = data.constData() + tagEntry.offset + sizeof(GenericTagData)
-                                       + sizeof(quint32_be);
+        const char *asciiDescription = data.constData() + tagEntry.offset + sizeof(DescTagData);
         if (asciiDescription[len - 1] != '\0')
             return false;
         descName = QString::fromLatin1(asciiDescription, len - 1);
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2021-02-26 10:22:10 +0100
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2021-03-02 14:17:14 +0000
commit	b9992fcf915d813791aaebfb95a1b6ae8c07f4da (patch)
tree	2228622d21e3ae6e954a674d2d8cfde33626acd9
parent	c3c76517dd6b147d206e42450565919e78228b69 (diff)