ico image handler: check for out of range image size

Make the decoder fail early to avoid spending time and memory on attempting to decode a corrupt image file. Change-Id: I598db817c387867a449040f5be5427c8b8746483 Reviewed-by: Lars Knoll <lars.knoll@qt.io>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2018-11-27 15:25:53 +0100
committer: Eirik Aavitsland <eirik.aavitsland@qt.io> 2018-12-03 11:25:30 +0000
commit: 49319734c11206f6993aa12b42a663d3906da26e (patch)
tree: 60eb28b11aa3dc0c1e1e9ce0e11f01b0660bae7e /src/plugins/imageformats
parent: 416b4cf685030114837bd375664fd12047895a62 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp
index e61173db30..30935cacda 100644
--- a/src/plugins/imageformats/ico/qicohandler.cpp
+++ b/src/plugins/imageformats/ico/qicohandler.cpp
@@ -506,6 +506,8 @@ QImage ICOReader::iconAt(int index)
                 icoAttrib.h = iconEntry.bHeight;
                 if (icoAttrib.h == 0) // means 256 pixels
                     icoAttrib.h = header.biHeight/2;
+                if (icoAttrib.w > 256 || icoAttrib.h > 256) // Max ico size
+                    return img;
 
                 QImage::Format format = QImage::Format_ARGB32;
                 if (icoAttrib.nbits == 24)
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2018-11-27 15:25:53 +0100
committer	Eirik Aavitsland <eirik.aavitsland@qt.io>	2018-12-03 11:25:30 +0000
commit	49319734c11206f6993aa12b42a663d3906da26e (patch)
tree	60eb28b11aa3dc0c1e1e9ce0e11f01b0660bae7e /src/plugins/imageformats
parent	416b4cf685030114837bd375664fd12047895a62 (diff)