diff options
| author | Albert Astals Cid <albert.astals.cid@kdab.com> | 2018-09-04 13:58:41 +0200 |
|---|---|---|
| committer | Albert Astals Cid <albert.astals.cid@kdab.com> | 2018-09-26 07:51:10 +0000 |
| commit | a3f575484a06dccff3b452a0f42df8a6d91666cb (patch) | |
| tree | 923b33659772862ba1cfb4e82c5e2e8614d07b95 /src | |
| parent | afb2619d76501b03a7e73fef7c3b0cce80e8e91a (diff) | |
qppmhandler: Fix undefined overflow behavior
By making the hardcoded values unsigned
image/qppmhandler.cpp:126:36: runtime error: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
#0 0x4cef10 in scale_pbm_color(unsigned short, unsigned short, unsigned short, unsigned short) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:126:36
#1 0x4cb1d5 in read_pbm_body(QIODevice*, char, int, int, int, QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:274:39
#2 0x4ca3d8 in QPpmHandler::read(QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:509:10
#3 0x4b238d in QImageReader::read(QImage*) /src/qt/qtbase/src/gui/image/qimagereader.cpp:1253:22
#4 0x4b1b61 in QImageReader::read() /src/qt/qtbase/src/gui/image/qimagereader.cpp:1201:12
#5 0x486f66 in QImage::fromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3624:37
#6 0x486cd8 in QImage::loadFromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3590:13
#7 0x434b2e in LLVMFuzzerTestOneInput /src/qimage_fuzzer.cc:28:7
#8 0x44b167 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15
#9 0x43c8bd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6
#10 0x4407bb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9
#11 0x434bf8 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#12 0x7fd4d93b982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#13 0x409bb8 in _start (/out/qimage_fuzzer+0x409bb8)
Change-Id: I56674d0c2e59a30095552eb84aba17d7b516dd4a
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Diffstat (limited to 'src')
| -rw-r--r-- | src/gui/image/qppmhandler.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gui/image/qppmhandler.cpp b/src/gui/image/qppmhandler.cpp index 53e3fa293d..1863c58ff0 100644 --- a/src/gui/image/qppmhandler.cpp +++ b/src/gui/image/qppmhandler.cpp @@ -123,7 +123,7 @@ static bool read_pbm_header(QIODevice *device, char& type, int& w, int& h, int& static inline QRgb scale_pbm_color(quint16 mx, quint16 rv, quint16 gv, quint16 bv) { - return QRgba64::fromRgba64((rv * 0xffff) / mx, (gv * 0xffff) / mx, (bv * 0xffff) / mx, 0xffff).toArgb32(); + return QRgba64::fromRgba64((rv * 0xffffu) / mx, (gv * 0xffffu) / mx, (bv * 0xffffu) / mx, 0xffff).toArgb32(); } static bool read_pbm_body(QIODevice *device, char type, int w, int h, int mcc, QImage *outImage) |