From 51ec7ebfe5f45d1c0a03d992e97053cac66e25fe Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date: Wed, 11 Mar 2015 13:34:01 +0100
Subject: Fixes crash in bmp and ico image decoding

Fuzzing test revealed that for certain malformed bmp and ico files,
the handler would segfault.

Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
---
 src/plugins/imageformats/ico/qicohandler.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/plugins/imageformats/ico')

diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp
index 00de0c80ad..ec1654ec58 100644
--- a/src/plugins/imageformats/ico/qicohandler.cpp
+++ b/src/plugins/imageformats/ico/qicohandler.cpp
@@ -567,7 +567,7 @@ QImage ICOReader::iconAt(int index)
                 QImage::Format format = QImage::Format_ARGB32;
                 if (icoAttrib.nbits == 24)
                     format = QImage::Format_RGB32;
-                else if (icoAttrib.ncolors == 2)
+                else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1)
                     format = QImage::Format_Mono;
                 else if (icoAttrib.ncolors > 0)
                     format = QImage::Format_Indexed8;
-- 
cgit v1.2.3