From 3c68f26c052b06da9b43bb775cbe5a539fccb0c3 Mon Sep 17 00:00:00 2001
From: Neil Williams <neil@copycopy.cc>
Date: Tue, 8 Sep 2015 14:58:24 +0100
Subject: Fix null pointer use within Jpeg2000JasperReader

jas_image_create will return null if the image create fails, so the
return value must be checked.

Task-number: QTBUG-47998
Change-Id: I4cb8a44742ca30d1f0b335b2db2c7f283c968c78
Reviewed-by: aavit <eirik.aavitsland@theqtcompany.com>
---
 src/plugins/imageformats/jp2/qjp2handler.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/plugins/imageformats/jp2/qjp2handler.cpp b/src/plugins/imageformats/jp2/qjp2handler.cpp
index f69538c..f8f35b4 100644
--- a/src/plugins/imageformats/jp2/qjp2handler.cpp
+++ b/src/plugins/imageformats/jp2/qjp2handler.cpp
@@ -777,6 +777,9 @@ bool Jpeg2000JasperReader::write(const QImage &image, int quality)
 
     if (qtDepth == 32) { // RGB(A)
         jasper_image = newRGBAImage(qtWidth, qtHeight, qtImage.hasAlphaChannel());
+        if (!jasper_image)
+            return false;
+
         if (qtImage.hasAlphaChannel())
             copyQtJasper(&Jpeg2000JasperReader::copyScanlineQtJasperRGBA);
         else
@@ -785,6 +788,9 @@ bool Jpeg2000JasperReader::write(const QImage &image, int quality)
         // Color mapped grayscale
         if (qtImage.allGray()) {
             jasper_image = newGrayscaleImage(qtWidth, qtHeight, qtImage.hasAlphaChannel());
+            if (!jasper_image)
+                return false;
+
             if (qtImage.hasAlphaChannel())
                 copyQtJasper(&Jpeg2000JasperReader::copyScanlineQtJasperColormapGrayscaleA);
             else
@@ -792,6 +798,9 @@ bool Jpeg2000JasperReader::write(const QImage &image, int quality)
         } else {
             // Color mapped color
             jasper_image = newRGBAImage(qtWidth, qtHeight, qtImage.hasAlphaChannel());
+            if (!jasper_image)
+                return false;
+
             if (qtImage.hasAlphaChannel())
                 copyQtJasper(&Jpeg2000JasperReader::copyScanlineQtJasperColormapRGBA);
             else
@@ -1041,6 +1050,11 @@ jas_image_t* Jpeg2000JasperReader::newRGBAImage(const int width,
     jas_image_t *newImage = jas_image_create(jasNumComponents, params,
                                              JAS_CLRSPC_SRGB);
 
+    if (!newImage) {
+        delete[] params;
+        return 0;
+    }
+
     jas_image_setcmpttype(newImage, 0, JAS_IMAGE_CT_RGB_R);
     jas_image_setcmpttype(newImage, 1, JAS_IMAGE_CT_RGB_G);
     jas_image_setcmpttype(newImage, 2, JAS_IMAGE_CT_RGB_B);
@@ -1074,6 +1088,8 @@ jas_image_t *Jpeg2000JasperReader::newGrayscaleImage(const int width,
     jasNumComponents = alpha ? 2 : 1;
     jas_image_cmptparm_t param = createComponentMetadata(width, height);
     jas_image_t *newImage = jas_image_create(1, &param, JAS_CLRSPC_SGRAY);
+    if (!newImage)
+        return 0;
 
     jas_image_setcmpttype(newImage, 0, JAS_IMAGE_CT_GRAY_Y);
 
-- 
cgit v1.2.3