diff options
author | Mauri VehniƤinen <ext-mauri.vehniainen@nokia.com> | 2011-02-18 09:10:08 (GMT) |
---|---|---|
committer | Harald Fernengel <harald.fernengel@nokia.com> | 2011-02-18 09:10:08 (GMT) |
commit | d6c1e5d78bdfbeb373970b65d8260f7e9f9ce1bd (patch) | |
tree | 9e4bca596855926829e48d1727ca7662de91c070 | |
parent | 1a9ea90144c7131029fdf19950d1f313a64eb4a1 (diff) | |
download | Qt-d6c1e5d78bdfbeb373970b65d8260f7e9f9ce1bd.zip Qt-d6c1e5d78bdfbeb373970b65d8260f7e9f9ce1bd.tar.gz Qt-d6c1e5d78bdfbeb373970b65d8260f7e9f9ce1bd.tar.bz2 |
Prevents crashing when ICO file has bad color table value
When color table value is read from ICO header memory allocation is
made based on this value. This case is relevant only when reading
8bit images. Therefore values over 256 will abort reading the image.
Task-number: QT-4535
Merge-request: 1090
Reviewed-by: Harald Fernengel <harald.fernengel@nokia.com>
-rw-r--r-- | src/plugins/imageformats/ico/qicohandler.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp index 5aa26d3..701207d 100644 --- a/src/plugins/imageformats/ico/qicohandler.cpp +++ b/src/plugins/imageformats/ico/qicohandler.cpp @@ -559,6 +559,8 @@ QImage ICOReader::iconAt(int index) icoAttrib.ncolors = 0; else // # colors used icoAttrib.ncolors = header.biClrUsed ? header.biClrUsed : 1 << icoAttrib.nbits; + if (icoAttrib.ncolors > 256) //color table can't be more than 256 + return img; icoAttrib.w = iconEntry.bWidth; if (icoAttrib.w == 0) icoAttrib.w = header.biWidth; |