diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2022-10-07 09:34:30 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2022-10-07 10:23:45 +0000 |
commit | 354a3e66eabaecc5d8ddb03bb47e34700661700b (patch) | |
tree | f72dc0b5f87dd86ecbf6a0e34f61f546374cb53a | |
parent | 2171889201e21e17194321a85146f8e4d9e808a8 (diff) |
Reject tiled tiffs with corrupt tile size early
Work around a shortcoming in libtiff where it spends time discovering
the corruption.
Fixes: QTBUG-107223
Change-Id: Ib5da260fe971d0f7d808f7215bf388c443318cb4
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
(cherry picked from commit 4f83c3ebfdb2bc97162ac1065091c195b60ff5fb)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/plugins/imageformats/tiff/qtiffhandler.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/imageformats/tiff/qtiffhandler.cpp b/src/plugins/imageformats/tiff/qtiffhandler.cpp index c2351f7..1ee96e5 100644 --- a/src/plugins/imageformats/tiff/qtiffhandler.cpp +++ b/src/plugins/imageformats/tiff/qtiffhandler.cpp @@ -336,6 +336,8 @@ bool QTiffHandler::read(QImage *image) } TIFF *const tiff = d->tiff; + if (TIFFIsTiled(tiff) && TIFFTileSize64(tiff) > uint64_t(image->sizeInBytes())) // Corrupt image + return false; const quint32 width = d->size.width(); const quint32 height = d->size.height(); |