xpm image format: Reject corrupt images with invalid header info

The xpm handler did not properly check that the information read from the file header was sane. Task-number: QTBUG-59211 Change-Id: I84099777a16b2b0c473d139f5fdec1d0cb5d515e Reviewed-by: Paul Olav Tvete <paul.tvete@qt.io>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2017-03-01 12:21:29 +0100
committer: Eirik Aavitsland <eirik.aavitsland@qt.io> 2017-03-13 11:15:17 +0000
commit: 0d287500be09c800fbcc8f04862d316075ced546 (patch)
tree: 411187d3447cc168b9f950974d2c891dbdb7a4a2 /src
parent: 2f10a6f04eb12db5d438c103431c0b35ae0a0ee2 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/gui/image/qxpmhandler.cpp b/src/gui/image/qxpmhandler.cpp
index 1f1f6b388f..ce7f7b8a0f 100644
--- a/src/gui/image/qxpmhandler.cpp
+++ b/src/gui/image/qxpmhandler.cpp
@@ -852,6 +852,9 @@ static bool read_xpm_header(
 #endif
         return false;                                        // < 4 numbers parsed
 
+    if (*w <= 0 || *w > 32767 || *h <= 0 || *h > 32767 || *ncols <= 0 || *ncols > (64 * 64 * 64 * 64) || *cpp <= 0 || *cpp > 15)
+        return false;                                        // failed sanity check
+
     return true;
 }
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2017-03-01 12:21:29 +0100
committer	Eirik Aavitsland <eirik.aavitsland@qt.io>	2017-03-13 11:15:17 +0000
commit	0d287500be09c800fbcc8f04862d316075ced546 (patch)
tree	411187d3447cc168b9f950974d2c891dbdb7a4a2 /src
parent	2f10a6f04eb12db5d438c103431c0b35ae0a0ee2 (diff)