xpm image format: Reject corrupt images with invalid header info

The xpm handler did not properly check that the information read from the file header was sane. Task-number: QTBUG-59211 Change-Id: I84099777a16b2b0c473d139f5fdec1d0cb5d515e Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io> (cherry picked from commit 0d287500be09c800fbcc8f04862d316075ced546)
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2017-03-01 12:21:29 +0100
committer: Paul Olav Tvete <paul.tvete@qt.io> 2017-03-14 12:04:21 +0000
commit: ee1bda0fbd4d7d021fa636734c36905a920402e9 (patch)
tree: 7d897e9e21b8a2ce28d12365ebb0164117414129
parent: e8dc9ba49f22138228342c2c6473e7589d1dca94 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/gui/image/qxpmhandler.cpp b/src/gui/image/qxpmhandler.cpp
index b673ae5b33..f9fa61e897 100644
--- a/src/gui/image/qxpmhandler.cpp
+++ b/src/gui/image/qxpmhandler.cpp
@@ -846,6 +846,9 @@ static bool read_xpm_header(
 #endif
         return false;                                        // < 4 numbers parsed
 
+    if (*w <= 0 || *w > 32767 || *h <= 0 || *h > 32767 || *ncols <= 0 || *ncols > (64 * 64 * 64 * 64) || *cpp <= 0 || *cpp > 15)
+        return false;                                        // failed sanity check
+
     return true;
 }
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2017-03-01 12:21:29 +0100
committer	Paul Olav Tvete <paul.tvete@qt.io>	2017-03-14 12:04:21 +0000
commit	ee1bda0fbd4d7d021fa636734c36905a920402e9 (patch)
tree	7d897e9e21b8a2ce28d12365ebb0164117414129
parent	e8dc9ba49f22138228342c2c6473e7589d1dca94 (diff)