Fix buffer overflow

Fixes: oss-fuzz-23988
Pick-to: 5.15 5.12
Change-Id: I4efdbfc3c0a96917c0c8224642896088ade99f35
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>

2 files changed, 9 insertions, 0 deletions

diff --git a/tests/auto/gui/image/qimagereader/images/oss-fuzz-23988.xpm b/tests/auto/gui/image/qimagereader/images/oss-fuzz-23988.xpm
new file mode 100644
index 0000000000..7e6c1e4ca2
--- /dev/null
+++ b/tests/auto/gui/image/qimagereader/images/oss-fuzz-23988.xpm
@@ -0,0 +1 @@
+/* XPM "20 8 1 7""    ÿÿ c  ÿ"  "             ÿÿÿÿÿÿÿ                " 
\ No newline at end of file
diff --git a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
index bea7d610b8..cf8a0d1cff 100644
--- a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
+++ b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
@@ -173,6 +173,8 @@ private slots:
     void devicePixelRatio_data();
     void devicePixelRatio();
 
+    void xpmBufferOverflow();
+
 private:
     QString prefix;
     QTemporaryDir m_temporaryDir;
@@ -2047,5 +2049,11 @@ void tst_QImageReader::devicePixelRatio()
     QCOMPARE(img.devicePixelRatio(), dpr);
 }
 
+void tst_QImageReader::xpmBufferOverflow()
+{
+    // Please note that the overflow only showed when Qt was configured with "-sanitize address".
+    QImageReader(":/images/oss-fuzz-23988.xpm").read();
+}
+
 QTEST_MAIN(tst_QImageReader)
 #include "tst_qimagereader.moc"