diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2018-11-27 15:25:53 +0100 |
---|---|---|
committer | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2018-12-03 11:25:30 +0000 |
commit | 49319734c11206f6993aa12b42a663d3906da26e (patch) | |
tree | 60eb28b11aa3dc0c1e1e9ce0e11f01b0660bae7e /src/plugins/imageformats | |
parent | 416b4cf685030114837bd375664fd12047895a62 (diff) |
ico image handler: check for out of range image size
Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.
Change-Id: I598db817c387867a449040f5be5427c8b8746483
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/plugins/imageformats')
-rw-r--r-- | src/plugins/imageformats/ico/qicohandler.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp index e61173db30..30935cacda 100644 --- a/src/plugins/imageformats/ico/qicohandler.cpp +++ b/src/plugins/imageformats/ico/qicohandler.cpp @@ -506,6 +506,8 @@ QImage ICOReader::iconAt(int index) icoAttrib.h = iconEntry.bHeight; if (icoAttrib.h == 0) // means 256 pixels icoAttrib.h = header.biHeight/2; + if (icoAttrib.w > 256 || icoAttrib.h > 256) // Max ico size + return img; QImage::Format format = QImage::Format_ARGB32; if (icoAttrib.nbits == 24) |