diff options
author | Albert Astals Cid <aacid@kde.org> | 2021-05-12 21:40:40 +0200 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2021-08-19 02:27:28 +0200 |
commit | 9e90682def0379baba4e3aec1980bdfe57bebdf5 (patch) | |
tree | 77764eeb9fd0aa47b55b08af24d6518d68e01be9 | |
parent | 6cee204d56205e250b0675c9c6d4dd8a2367f3c4 (diff) |
qpnghandler: Only assume we're past the input size if it returns a size
Size 0 is a "valid" answer for QIODevice implementations so we need to
make sure that we only enter the "try to workaround broken files" if we
know there is a size, otherwise the first read of length 4 that libpng
does breaks everything.
Change-Id: I1e396abd206ff90edae4372726f1d82d5d41ccf3
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | src/gui/image/qpnghandler.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gui/image/qpnghandler.cpp b/src/gui/image/qpnghandler.cpp index c013a06813..9ef2af8e21 100644 --- a/src/gui/image/qpnghandler.cpp +++ b/src/gui/image/qpnghandler.cpp @@ -199,7 +199,7 @@ void iod_read_fn(png_structp png_ptr, png_bytep data, png_size_t length) QPngHandlerPrivate *d = (QPngHandlerPrivate *)png_get_io_ptr(png_ptr); QIODevice *in = d->q->device(); - if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && (in->size() - in->pos()) < 4 && length == 4) { + if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && in->size() > 0 && (in->size() - in->pos()) < 4 && length == 4) { // Workaround for certain malformed PNGs that lack the final crc bytes uchar endcrc[4] = { 0xae, 0x42, 0x60, 0x82 }; memcpy(data, endcrc, 4); |