Reject tiled tiffs with corrupt tile size early

Work around a shortcoming in libtiff where it spends time discovering the corruption. Fixes: QTBUG-107223 Change-Id: Ib5da260fe971d0f7d808f7215bf388c443318cb4 Reviewed-by: Robert Löhning <robert.loehning@qt.io> (cherry picked from commit 4f83c3ebfdb2bc97162ac1065091c195b60ff5fb) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2022-10-07 09:34:30 +0200
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2022-10-07 11:23:45 +0000
commit: ebd31cce4253ca7bad5178b1d5a552f58b836dce (patch)
tree: fb264e3c49717703c05bdcddd6742dcd352084d7
parent: ba989d06b9d338ed401b4e2a000fbeda9841a11c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/imageformats/tiff/qtiffhandler.cpp b/src/plugins/imageformats/tiff/qtiffhandler.cpp
index 97592b9..84cd138 100644
--- a/src/plugins/imageformats/tiff/qtiffhandler.cpp
+++ b/src/plugins/imageformats/tiff/qtiffhandler.cpp
@@ -361,6 +361,8 @@ bool QTiffHandler::read(QImage *image)
     }
 
     TIFF *const tiff = d->tiff;
+    if (TIFFIsTiled(tiff) && TIFFTileSize64(tiff) > uint64_t(image->sizeInBytes())) // Corrupt image
+        return false;
     const quint32 width = d->size.width();
     const quint32 height = d->size.height();
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2022-10-07 09:34:30 +0200
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2022-10-07 11:23:45 +0000
commit	ebd31cce4253ca7bad5178b1d5a552f58b836dce (patch)
tree	fb264e3c49717703c05bdcddd6742dcd352084d7
parent	ba989d06b9d338ed401b4e2a000fbeda9841a11c (diff)