diff options
author | Samuel Rødal <samuel.rodal@digia.com> | 2013-02-05 09:44:26 +0100 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-02-06 09:59:56 +0100 |
commit | af84313c622af880e95d461ea8b7dbca58d2dffa (patch) | |
tree | bf915de41cd20aebbcda739cfa0ecbc7ee288eef | |
parent | c3ae1c76f349bac2e262929d29163cd9b5d60332 (diff) |
Fixed crash in image reader when reading certain BMP files.
If the high bit in a mask is set, for instance if the mask is
0xff000000, and we shift it to the right by 24 positions, since the mask
was not declared as unsigned we ended up with a mask value of
0xffffffff. We then add 1 to this value and divide by the result,
causing a division by zero crash.
The masks need to be declared unsigned to prevent sign bit extension
when shifting right.
Task-number: QTBUG-29194
Change-Id: I79260344cebfbdd3ea86416a9c734dca76517999
Reviewed-by: Gunnar Sletta <gunnar.sletta@digia.com>
-rw-r--r-- | src/gui/image/qbmphandler.cpp | 8 | ||||
-rw-r--r-- | tests/auto/gui/image/qimagereader/images/rgb32bf.bmp | bin | 0 -> 32578 bytes | |||
-rw-r--r-- | tests/auto/gui/image/qimagereader/qimagereader.qrc | 1 | ||||
-rw-r--r-- | tests/auto/gui/image/qimagereader/tst_qimagereader.cpp | 1 |
4 files changed, 6 insertions, 4 deletions
diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp index 062714c769..6abde5e420 100644 --- a/src/gui/image/qbmphandler.cpp +++ b/src/gui/image/qbmphandler.cpp @@ -143,7 +143,7 @@ static QDataStream &operator<<(QDataStream &s, const BMP_INFOHDR &bi) return s; } -static int calc_shift(int mask) +static int calc_shift(uint mask) { int result = 0; while (mask && !(mask & 1)) { @@ -207,9 +207,9 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int #endif int w = bi.biWidth, h = bi.biHeight, nbits = bi.biBitCount; int t = bi.biSize, comp = bi.biCompression; - int red_mask = 0; - int green_mask = 0; - int blue_mask = 0; + uint red_mask = 0; + uint green_mask = 0; + uint blue_mask = 0; int red_shift = 0; int green_shift = 0; int blue_shift = 0; diff --git a/tests/auto/gui/image/qimagereader/images/rgb32bf.bmp b/tests/auto/gui/image/qimagereader/images/rgb32bf.bmp Binary files differnew file mode 100644 index 0000000000..20fa9a1326 --- /dev/null +++ b/tests/auto/gui/image/qimagereader/images/rgb32bf.bmp diff --git a/tests/auto/gui/image/qimagereader/qimagereader.qrc b/tests/auto/gui/image/qimagereader/qimagereader.qrc index 7eb70c866c..2522154b1f 100644 --- a/tests/auto/gui/image/qimagereader/qimagereader.qrc +++ b/tests/auto/gui/image/qimagereader/qimagereader.qrc @@ -34,6 +34,7 @@ <file>images/noclearcode.bmp</file> <file>images/noclearcode.gif</file> <file>images/nontransparent.xpm</file> + <file>images/rgb32bf.bmp</file> <file>images/runners.ppm</file> <file>images/teapot.ppm</file> <file>images/test.ppm</file> diff --git a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp index 50176d2430..4b3db26685 100644 --- a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp +++ b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp @@ -222,6 +222,7 @@ void tst_QImageReader::readImage_data() QTest::newRow("BMP: 4bpp uncompressed") << QString("tst7.bmp") << true << QByteArray("bmp"); QTest::newRow("BMP: 16bpp") << QString("16bpp.bmp") << true << QByteArray("bmp"); QTest::newRow("BMP: negative height") << QString("negativeheight.bmp") << true << QByteArray("bmp"); + QTest::newRow("BMP: high mask bit set") << QString("rgb32bf.bmp") << true << QByteArray("bmp"); QTest::newRow("XPM: marble") << QString("marble.xpm") << true << QByteArray("xpm"); QTest::newRow("PNG: kollada") << QString("kollada.png") << true << QByteArray("png"); QTest::newRow("PPM: teapot") << QString("teapot.ppm") << true << QByteArray("ppm"); |