From fada6a1cbd978ee81d76e937775e52a064a98362 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Tue, 26 Jan 2021 19:29:22 +0100
Subject: Fix division by zero
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Consider a zero we need to divide with illegal input.

Fixes oss-fuzz 29347

Change-Id: I2aae1d765d2dd81c95d423038ef5cb878d4f8026
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
(cherry picked from commit 16b8d766abe86868597b30cec03152355ee1a91b)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/gui/painting/qicc.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src')

diff --git a/src/gui/painting/qicc.cpp b/src/gui/painting/qicc.cpp
index 149a67655a..bacf76997f 100644
--- a/src/gui/painting/qicc.cpp
+++ b/src/gui/painting/qicc.cpp
@@ -524,6 +524,8 @@ bool parseTRC(const QByteArray &data, const TagEntry &tagEntry, QColorTrc &gamma
                 return false;
             std::array<quint32_be, 3> parameters =
                 qFromUnaligned<decltype(parameters)>(data.constData() + parametersOffset);
+            if (parameters[1] == 0)
+                return false;
             float g = fromFixedS1516(parameters[0]);
             float a = fromFixedS1516(parameters[1]);
             float b = fromFixedS1516(parameters[2]);
@@ -537,6 +539,8 @@ bool parseTRC(const QByteArray &data, const TagEntry &tagEntry, QColorTrc &gamma
                 return false;
             std::array<quint32_be, 4> parameters =
                 qFromUnaligned<decltype(parameters)>(data.constData() + parametersOffset);
+            if (parameters[1] == 0)
+                return false;
             float g = fromFixedS1516(parameters[0]);
             float a = fromFixedS1516(parameters[1]);
             float b = fromFixedS1516(parameters[2]);
-- 
cgit v1.2.3