aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-qt/qt5/qtbase/0014-Fix-a-division-by-zero-when-processing-malformed-BMP.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-qt/qt5/qtbase/0014-Fix-a-division-by-zero-when-processing-malformed-BMP.patch')
-rw-r--r--recipes-qt/qt5/qtbase/0014-Fix-a-division-by-zero-when-processing-malformed-BMP.patch47
1 files changed, 0 insertions, 47 deletions
diff --git a/recipes-qt/qt5/qtbase/0014-Fix-a-division-by-zero-when-processing-malformed-BMP.patch b/recipes-qt/qt5/qtbase/0014-Fix-a-division-by-zero-when-processing-malformed-BMP.patch
deleted file mode 100644
index 42159ef4..00000000
--- a/recipes-qt/qt5/qtbase/0014-Fix-a-division-by-zero-when-processing-malformed-BMP.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From a343de8e9b85b98f18446d045afbf6f1d3f6c5b4 Mon Sep 17 00:00:00 2001
-From: "Richard J. Moore" <rich@kde.org>
-Date: Sat, 21 Feb 2015 17:43:21 +0000
-Subject: [PATCH 14/14] Fix a division by zero when processing malformed BMP
- files.
-
-This fixes a division by 0 when processing a maliciously crafted BMP
-file. No impact beyond DoS.
-
-Upstream-Status: Backport from 5.4 branch
-
-Task-number: QTBUG-44547
-Change-Id: Ifcded2c0aa712e90d23e6b3969af0ec3add53973
-Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
-Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
----
- src/gui/image/qbmphandler.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
-index 21c1a2f..df66499 100644
---- a/src/gui/image/qbmphandler.cpp
-+++ b/src/gui/image/qbmphandler.cpp
-@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
- }
- } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
- red_shift = calc_shift(red_mask);
-+ if (((red_mask >> red_shift) + 1) == 0)
-+ return false;
- red_scale = 256 / ((red_mask >> red_shift) + 1);
- green_shift = calc_shift(green_mask);
-+ if (((green_mask >> green_shift) + 1) == 0)
-+ return false;
- green_scale = 256 / ((green_mask >> green_shift) + 1);
- blue_shift = calc_shift(blue_mask);
-+ if (((blue_mask >> blue_shift) + 1) == 0)
-+ return false;
- blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
- alpha_shift = calc_shift(alpha_mask);
-+ if (((alpha_mask >> alpha_shift) + 1) == 0)
-+ return false;
- alpha_scale = 256 / ((alpha_mask >> alpha_shift) + 1);
- } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
- blue_mask = 0x000000ff;
---
-2.3.1
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-08 23:16:16 +0000