Use checked image allocation on reading

Use the imageIO's common QImage creation function that implements
QImageReader's allocation limit that was introduced in Qt 6.

A few related checks against corrupt image files added as driveby.

Pick-to: 6.1 6.0
Change-Id: If5b87cd1b7b2de67ecd023a82ae2168a032fa52e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

1 files changed, 7 insertions, 2 deletions

diff --git a/src/plugins/imageformats/webp/qwebphandler.cpp b/src/plugins/imageformats/webp/qwebphandler.cpp
index 82d38cb..eb375ec 100644
--- a/src/plugins/imageformats/webp/qwebphandler.cpp
+++ b/src/plugins/imageformats/webp/qwebphandler.cpp
@@ -122,7 +122,10 @@ bool QWebpHandler::ensureScanned() const
                 that->m_frameCount = WebPDemuxGetI(m_demuxer, WEBP_FF_FRAME_COUNT);
                 that->m_bgColor = QColor::fromRgba(QRgb(WebPDemuxGetI(m_demuxer, WEBP_FF_BACKGROUND_COLOR)));
 
-                that->m_composited = new QImage(that->m_features.width, that->m_features.height, QImage::Format_ARGB32);
+                QSize sz(that->m_features.width, that->m_features.height);
+                that->m_composited = new QImage;
+                if (!QImageIOHandler::allocateImage(sz, QImage::Format_ARGB32, that->m_composited))
+                    return false;
                 if (that->m_features.has_alpha)
                     that->m_composited->fill(Qt::transparent);
 
@@ -195,7 +198,9 @@ bool QWebpHandler::read(QImage *image)
         return false;
 
     QImage::Format format = m_features.has_alpha ? QImage::Format_ARGB32 : QImage::Format_RGB32;
-    QImage frame(m_iter.width, m_iter.height, format);
+    QImage frame;
+    if (!QImageIOHandler::allocateImage(QSize(m_iter.width, m_iter.height), format, &frame))
+        return false;
     uint8_t *output = frame.bits();
     size_t output_size = frame.sizeInBytes();
 #if Q_BYTE_ORDER == Q_LITTLE_ENDIAN