diff options
Diffstat (limited to 'src/gui/image')
-rw-r--r-- | src/gui/image/qbmphandler.cpp | 13 | ||||
-rw-r--r-- | src/gui/image/qgifhandler.cpp | 2 | ||||
-rw-r--r-- | src/gui/image/qimage_conversions.cpp | 8 |
3 files changed, 17 insertions, 6 deletions
diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp index 7a491d8736..f124cede36 100644 --- a/src/gui/image/qbmphandler.cpp +++ b/src/gui/image/qbmphandler.cpp @@ -484,12 +484,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int p = data + (h-y-1)*bpl; break; case 2: // delta (jump) - // Protection - if ((uint)x >= (uint)w) - x = w-1; - if ((uint)y >= (uint)h) - y = h-1; - { quint8 tmp; d->getChar((char *)&tmp); @@ -497,6 +491,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int d->getChar((char *)&tmp); y += tmp; } + + // Protection + if ((uint)x >= (uint)w) + x = w-1; + if ((uint)y >= (uint)h) + y = h-1; + p = data + (h-y-1)*bpl + x; break; default: // absolute mode diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp index 0a451e5ea3..7ba6b123e8 100644 --- a/src/gui/image/qgifhandler.cpp +++ b/src/gui/image/qgifhandler.cpp @@ -936,6 +936,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co void QGIFFormat::nextY(unsigned char *bits, int bpl) { + if (out_of_bounds) + return; int my; switch (interlace) { case 0: // Non-interlaced diff --git a/src/gui/image/qimage_conversions.cpp b/src/gui/image/qimage_conversions.cpp index 417c185c78..28e3a48689 100644 --- a/src/gui/image/qimage_conversions.cpp +++ b/src/gui/image/qimage_conversions.cpp @@ -681,6 +681,8 @@ static bool convert_BGR30_to_RGB30_inplace(QImageData *data, Qt::ImageConversion static bool convert_indexed8_to_ARGB_PM_inplace(QImageData *data, Qt::ImageConversionFlags) { Q_ASSERT(data->format == QImage::Format_Indexed8); + if (!data->own_data) + return false; const int depth = 32; const int dst_bytes_per_line = ((data->width * depth + 31) >> 5) << 2; @@ -733,6 +735,8 @@ static bool convert_indexed8_to_ARGB_PM_inplace(QImageData *data, Qt::ImageConve static bool convert_indexed8_to_RGB_inplace(QImageData *data, Qt::ImageConversionFlags) { Q_ASSERT(data->format == QImage::Format_Indexed8); + if (!data->own_data) + return false; const int depth = 32; const int dst_bytes_per_line = ((data->width * depth + 31) >> 5) << 2; @@ -782,6 +786,8 @@ static bool convert_indexed8_to_RGB_inplace(QImageData *data, Qt::ImageConversio static bool convert_indexed8_to_RGB16_inplace(QImageData *data, Qt::ImageConversionFlags) { Q_ASSERT(data->format == QImage::Format_Indexed8); + if (!data->own_data) + return false; const int depth = 16; const int dst_bytes_per_line = ((data->width * depth + 31) >> 5) << 2; @@ -837,6 +843,8 @@ static bool convert_indexed8_to_RGB16_inplace(QImageData *data, Qt::ImageConvers static bool convert_RGB_to_RGB16_inplace(QImageData *data, Qt::ImageConversionFlags) { Q_ASSERT(data->format == QImage::Format_RGB32); + if (!data->own_data) + return false; const int depth = 16; const int dst_bytes_per_line = ((data->width * depth + 31) >> 5) << 2; |