authorEirik Aavitsland <eirik.aavitsland@theqtcompany.com>2015-03-11 08:00:41 (GMT)
committeraavit <eirik.aavitsland@theqtcompany.com>2015-03-13 10:16:39 (GMT)
commita1cf194c54be57d6ab55dfd26b9562a60532208e (patch)
tree985d1185055e60c5617c54ef8d60b5604011ba66
parentfb7fa2918b558381dd98aff3d3250786300d8a3b (diff)
Fixes crash in gif image decoder
Fuzzing test revealed that for certain malformed gif files, qgifhandler would segfault. Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1 (cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6) Reviewed-by: Richard J. Moore <rich@kde.org>
-rw-r--r--src/gui/image/qgifhandler.cpp2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
index 5199dd3..49aa2a6 100644
--- a/src/gui/image/qgifhandler.cpp
+++ b/src/gui/image/qgifhandler.cpp
@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
void QGIFFormat::nextY(unsigned char *bits, int bpl)
{
+ if (out_of_bounds)
+ return;
int my;
switch (interlace) {
case 0: // Non-interlaced
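Review bot: The early return added at the top of `QGIFFormat::nextY` carries no comment, and where `out_of_bounds` is set and cleared is not visible in this hunk, so a later reader cannot tell which memory access the guard protects. I would put a line above it such as `// Malformed input can advance past the image; skip all row writes once out_of_bounds is set.` It is also worth confirming that the flag is reset for each new frame, since a stale value would now make `nextY` silently do nothing for the rest of the decode. The diffstat shows only qgifhandler.cpp changed, so the fuzzer-found file is not captured as a regression test; adding a minimized sample to the GIF autotests would keep the crash from coming back. The body of `nextY` continues past the end of the hunk.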