From bdee1189bf52a00fa89a8898e92bf75c36930666 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid
Date: Wed, 3 Apr 2019 19:41:36 +0200
Subject: png handler: initialize all the variables passed to png_get_IHDR
oss-fuzz found at least width is sometimes not initialized, and we're initializing almost all of them in most cases so be complete.
the oss-fuzz instance was
==1==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x667c43 in operator!= /src/qtbase/src/corelib/tools/qsize.h:173:25
#1 0x667c43 in setup_qt /src/qtbase/src/gui/image/qpnghandler.cpp:403
Change-Id: Idb9aaf5ab85509d9c893beaf8d9118339ba46be7
Reviewed-by: Allan Sandfeld Jensen
---
 src/gui/image/qpnghandler.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'src/gui/image')
diff --git a/src/gui/image/qpnghandler.cpp b/src/gui/image/qpnghandler.cpp
index 808037f434..801b30881d 100644
--- a/src/gui/image/qpnghandler.cpp
+++ b/src/gui/image/qpnghandler.cpp
@@ -231,8 +231,8 @@ void setup_qt(QImage& image, png_structp png_ptr, png_infop info_ptr, QSize scal
  if (screen_gamma != 0.0 && file_gamma != 0.0)
  png_set_gamma(png_ptr, 1.0f / screen_gamma, file_gamma);
- png_uint_32 width;
- png_uint_32 height;
+ png_uint_32 width = 0;
+ png_uint_32 height = 0;
  int bit_depth = 0;
  int color_type = 0;
  png_bytep trans_alpha = 0;
@@ -240,7 +240,7 @@ void setup_qt(QImage& image, png_structp png_ptr, png_infop info_ptr, QSize scal
  int num_trans;
  png_colorp palette = 0;
  int num_palette;
- int interlace_method;
+ int interlace_method = PNG_INTERLACE_LAST;
  png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_method, 0, 0);
  png_set_interlace_handling(png_ptr);
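Review bot: `int num_trans;` and `int num_palette;` in the -240,7 hunk are still declared without an initializer, although the commit sets out to initialize every variable in this declaration run; if the libpng query that fills them (not visible in the hunk) can return without writing its outputs, as happened for `width`, the same MemorySanitizer report recurs at their first use. Initialize them as well, `int num_trans = 0;` and `int num_palette = 0;`, and the same applies to `png_colorp palette;` and `int num_palette;` in the readImageFormat() hunk below, which the file's own style would write as `png_colorp palette = 0;`. Separately, per libpng's documentation png_get_IHDR returns 0 and leaves its output arguments untouched when it rejects its pointer arguments, and the new code never checks that return, so the zero defaults silently stand in for a failed query; an explicit `if (!png_get_IHDR(...)) return;` would make that path visible to readers and to fuzzers. setup_qt() starts and ends outside the hunk.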
@@ -677,7 +677,7 @@ bool QPngHandlerPrivate::readPngImage(QImage *outImage)
 QImage::Format QPngHandlerPrivate::readImageFormat()
 {
  QImage::Format format = QImage::Format_Invalid;
- png_uint_32 width, height;
+ png_uint_32 width = 0, height = 0;
  int bit_depth = 0, color_type = 0;
  png_colorp palette;
  int num_palette;
-- 
cgit v1.2.3