qpnghandler: Only assume we're past the input size if it returns a size

Size 0 is a "valid" answer for QIODevice implementations so we need to make sure that we only enter the "try to workaround broken files" if we know there is a size, otherwise the first read of length 4 that libpng does breaks everything. Change-Id: I1e396abd206ff90edae4372726f1d82d5d41ccf3 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Albert Astals Cid <aacid@kde.org> 2021-05-12 21:40:40 +0200
committer: Albert Astals Cid <aacid@kde.org> 2021-08-19 02:27:28 +0200
commit: 9e90682def0379baba4e3aec1980bdfe57bebdf5 (patch)
tree: 77764eeb9fd0aa47b55b08af24d6518d68e01be9
parent: 6cee204d56205e250b0675c9c6d4dd8a2367f3c4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gui/image/qpnghandler.cpp b/src/gui/image/qpnghandler.cpp
index c013a06813..9ef2af8e21 100644
--- a/src/gui/image/qpnghandler.cpp
+++ b/src/gui/image/qpnghandler.cpp
@@ -199,7 +199,7 @@ void iod_read_fn(png_structp png_ptr, png_bytep data, png_size_t length)
     QPngHandlerPrivate *d = (QPngHandlerPrivate *)png_get_io_ptr(png_ptr);
     QIODevice *in = d->q->device();
 
-    if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && (in->size() - in->pos()) < 4 && length == 4) {
+    if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && in->size() > 0 && (in->size() - in->pos()) < 4 && length == 4) {
         // Workaround for certain malformed PNGs that lack the final crc bytes
         uchar endcrc[4] = { 0xae, 0x42, 0x60, 0x82 };
         memcpy(data, endcrc, 4);
author	Albert Astals Cid <aacid@kde.org>	2021-05-12 21:40:40 +0200
committer	Albert Astals Cid <aacid@kde.org>	2021-08-19 02:27:28 +0200
commit	9e90682def0379baba4e3aec1980bdfe57bebdf5 (patch)
tree	77764eeb9fd0aa47b55b08af24d6518d68e01be9
parent	6cee204d56205e250b0675c9c6d4dd8a2367f3c4 (diff)