diff options
author | Samuel Rødal <samuel.rodal@nokia.com> | 2010-09-17 17:47:56 (GMT) |
---|---|---|
committer | Samuel Rødal <samuel.rodal@nokia.com> | 2010-09-17 17:58:16 (GMT) |
commit | dd14f5ea568ce647638993da90112e71cffc9cc9 (patch) | |
tree | 6289ae3951898a7b3d9fc218cb6355a98ac4135c | |
parent | 4f33dbd5361c0875f39518b762a764478f04dd30 (diff) | |
download | Qt-dd14f5ea568ce647638993da90112e71cffc9cc9.zip Qt-dd14f5ea568ce647638993da90112e71cffc9cc9.tar.gz Qt-dd14f5ea568ce647638993da90112e71cffc9cc9.tar.bz2 |
Fixed memory corruption issue in qt_blurImage for Indexed8 images.
If transposed was set to 0 we did not check the color depth of the image
and ended up with a buffer overflow.
Reviewed-by: Jens Bache-Wiig
-rw-r--r-- | src/gui/image/qpixmapfilter.cpp | 15 | ||||
-rw-r--r-- | tests/auto/qpixmapfilter/tst_qpixmapfilter.cpp | 20 |
2 files changed, 31 insertions, 4 deletions
diff --git a/src/gui/image/qpixmapfilter.cpp b/src/gui/image/qpixmapfilter.cpp index 70770c4..26bffcc 100644 --- a/src/gui/image/qpixmapfilter.cpp +++ b/src/gui/image/qpixmapfilter.cpp @@ -764,10 +764,17 @@ void expblur(QImage &img, qreal radius, bool improvedQuality = false, int transp } if (transposed == 0) { - qt_memrotate90(reinterpret_cast<const quint32*>(temp.bits()), - temp.width(), temp.height(), temp.bytesPerLine(), - reinterpret_cast<quint32*>(img.bits()), - img.bytesPerLine()); + if (img.depth() == 8) { + qt_memrotate90(reinterpret_cast<const quint8*>(temp.bits()), + temp.width(), temp.height(), temp.bytesPerLine(), + reinterpret_cast<quint8*>(img.bits()), + img.bytesPerLine()); + } else { + qt_memrotate90(reinterpret_cast<const quint32*>(temp.bits()), + temp.width(), temp.height(), temp.bytesPerLine(), + reinterpret_cast<quint32*>(img.bits()), + img.bytesPerLine()); + } } else { img = temp; } diff --git a/tests/auto/qpixmapfilter/tst_qpixmapfilter.cpp b/tests/auto/qpixmapfilter/tst_qpixmapfilter.cpp index f0f087d..1f51d51 100644 --- a/tests/auto/qpixmapfilter/tst_qpixmapfilter.cpp +++ b/tests/auto/qpixmapfilter/tst_qpixmapfilter.cpp @@ -72,6 +72,7 @@ private slots: void convolutionBoundingRectFor(); void convolutionDrawSubRect(); void dropShadowBoundingRectFor(); + void blurIndexed8(); void testDefaultImplementations(); }; @@ -423,6 +424,25 @@ void tst_QPixmapFilter::dropShadowBoundingRectFor() QCOMPARE(filter.boundingRectFor(rect3), rect3.adjusted(-delta - 10, -delta - 10, 0, 0)); } +void qt_blurImage(QImage &blurImage, qreal radius, bool quality, int transposed); + +void tst_QPixmapFilter::blurIndexed8() +{ + QImage img(16, 32, QImage::Format_Indexed8); + img.setColorCount(256); + for (int i = 0; i < 256; ++i) + img.setColor(i, qRgb(i, i, i)); + + img.fill(255); + + QImage original = img; + qt_blurImage(img, 10, true, false); + QCOMPARE(original.size(), img.size()); + + original = img; + qt_blurImage(img, 10, true, true); + QCOMPARE(original.size(), QSize(img.height(), img.width())); +} QTEST_MAIN(tst_QPixmapFilter) #include "tst_qpixmapfilter.moc" |