summaryrefslogtreecommitdiffstats
path: root/src/gui/image
diff options
context:
space:
mode:
authorEirik Aavitsland <eirik.aavitsland@qt.io>2018-08-02 13:11:20 +0200
committerEirik Aavitsland <eirik.aavitsland@qt.io>2018-08-03 08:01:47 +0000
commit8c4207dddf9b2af0767de2ef0a10652612d462a5 (patch)
tree1dff39030ca2c9d75cea82ed1942eb2bfc17ce14 /src/gui/image
parent9d4d05ec536289d8d62cfed60e02f38febfc3052 (diff)
Fix crash in qppmhandler for certain malformed image files
The ppm format specifies that the maximum color value field must be less than 65536. The handler did not enforce this, leading to potentional overflow when the value was used in 16 bits context. Task-number: QTBUG-69449 Change-Id: Iea7a7e0f8953ec1ea8571e215687d12a9d77e11c Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/gui/image')
-rw-r--r--src/gui/image/qppmhandler.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gui/image/qppmhandler.cpp b/src/gui/image/qppmhandler.cpp
index e9f5a905f0..53e3fa293d 100644
--- a/src/gui/image/qppmhandler.cpp
+++ b/src/gui/image/qppmhandler.cpp
@@ -115,7 +115,7 @@ static bool read_pbm_header(QIODevice *device, char& type, int& w, int& h, int&
else
mcc = read_pbm_int(device); // get max color component
- if (w <= 0 || w > 32767 || h <= 0 || h > 32767 || mcc <= 0)
+ if (w <= 0 || w > 32767 || h <= 0 || h > 32767 || mcc <= 0 || mcc > 0xffff)
return false; // weird P.M image
return true;