TGA handler: check for out of range image size5.6

Make the decoder fail early to avoid spending time and memory on attempting to decode a corrupt image file. Change-Id: Iac35e72de743f412a65d11c58fe7faa275dc4e41 Reviewed-by: Lars Knoll <lars.knoll@qt.io> (cherry picked from commit 7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65) Reviewed-by: Liang Qi <liang.qi@qt.io>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2018-08-24 12:03:00 +0200
committer: Eirik Aavitsland <eirik.aavitsland@qt.io> 2018-09-03 11:31:25 +0000
commit: 9299ab07df61c56b70e047f1fe5f06b6ff541aa3 (patch)
tree: e7b3e559a6a0851ca85b085a57a64ec6f79fbb25
parent: b30914272b2695243747177db266d0965554dbb9 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/plugins/imageformats/tga/qtgafile.cpp b/src/plugins/imageformats/tga/qtgafile.cpp
index 4c6038b..9d97967 100644
--- a/src/plugins/imageformats/tga/qtgafile.cpp
+++ b/src/plugins/imageformats/tga/qtgafile.cpp
@@ -153,6 +153,12 @@ QTgaFile::QTgaFile(QIODevice *device)
     if (!validDepth)
     {
         mErrorMessage = tr("Image depth not valid");
+        return;
+    }
+    if (quint64(width()) * quint64(height()) > (8192 * 8192))
+    {
+        mErrorMessage = tr("Image size exceeds limit");
+        return;
     }
     int curPos = mDevice->pos();
     int fileBytes = mDevice->size();
@@ -223,6 +229,8 @@ QImage QTgaFile::readImage()
     unsigned char yCorner = desc & 0x20; // 0 = lower, 1 = upper
 
     QImage im(imageWidth, imageHeight, QImage::Format_ARGB32);
+    if (im.isNull())
+        return QImage();
     TgaReader *reader = 0;
     if (bitsPerPixel == 16)
         reader = new Tga16Reader();
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2018-08-24 12:03:00 +0200
committer	Eirik Aavitsland <eirik.aavitsland@qt.io>	2018-09-03 11:31:25 +0000
commit	9299ab07df61c56b70e047f1fe5f06b6ff541aa3 (patch)
tree	e7b3e559a6a0851ca85b085a57a64ec6f79fbb25
parent	b30914272b2695243747177db266d0965554dbb9 (diff)