summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSamuel Rødal <samuel.rodal@digia.com>2013-02-05 08:44:26 (GMT)
committerThe Qt Project <gerrit-noreply@qt-project.org>2013-02-08 07:39:25 (GMT)
commit56b5acb2a858d0eb276ecc06d63caa7275f44dd7 (patch)
treed90b2e1123281ef5a8bf2d609c0af9653516f95f
parentc4eaf24d9d783aef56ff1503c7b22f86316cfcb8 (diff)
downloadQt-56b5acb2a858d0eb276ecc06d63caa7275f44dd7.zip
Qt-56b5acb2a858d0eb276ecc06d63caa7275f44dd7.tar.gz
Qt-56b5acb2a858d0eb276ecc06d63caa7275f44dd7.tar.bz2
Fixed crash in image reader when reading certain BMP files.
If the high bit in a mask is set, for instance if the mask is 0xff000000, and we shift it to the right by 24 positions, since the mask was not declared as unsigned we ended up with a mask value of 0xffffffff. We then add 1 to this value and divide by the result, causing a division by zero crash. The masks need to be declared unsigned to prevent sign bit extension when shifting right. Task-number: QTBUG-29194 Change-Id: I1003d546a70d540b5c135b6b75dee9b4962a7210 Reviewed-by: Gunnar Sletta <gunnar.sletta@digia.com> (cherry picked from qtbase, af84313c622af880e95d461ea8b7dbca58d2dffa)
Diffstat
-rw-r--r--src/gui/image/qbmphandler.cpp8
-rw-r--r--tests/auto/qimagereader/images/rgb32bf.bmpbin0 -> 32578 bytes
-rw-r--r--tests/auto/qimagereader/qimagereader.qrc1
-rw-r--r--tests/auto/qimagereader/tst_qimagereader.cpp1
4 files changed, 6 insertions, 4 deletions
diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
index d59c9d7..3d02caa 100644
--- a/src/gui/image/qbmphandler.cpp
+++ b/src/gui/image/qbmphandler.cpp
@@ -143,7 +143,7 @@ static QDataStream &operator<<(QDataStream &s, const BMP_INFOHDR &bi)
return s;
}
-static int calc_shift(int mask)
+static int calc_shift(uint mask)
{
int result = 0;
while (mask && !(mask & 1)) {
@@ -207,9 +207,9 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
#endif
int w = bi.biWidth, h = bi.biHeight, nbits = bi.biBitCount;
int t = bi.biSize, comp = bi.biCompression;
- int red_mask = 0;
- int green_mask = 0;
- int blue_mask = 0;
+ uint red_mask = 0;
+ uint green_mask = 0;
+ uint blue_mask = 0;
int red_shift = 0;
int green_shift = 0;
int blue_shift = 0;
diff --git a/tests/auto/qimagereader/images/rgb32bf.bmp b/tests/auto/qimagereader/images/rgb32bf.bmp
new file mode 100644
index 0000000..20fa9a1
--- /dev/null
+++ b/tests/auto/qimagereader/images/rgb32bf.bmp
Binary files differ
diff --git a/tests/auto/qimagereader/qimagereader.qrc b/tests/auto/qimagereader/qimagereader.qrc
index 03c03d6..f7fc718 100644
--- a/tests/auto/qimagereader/qimagereader.qrc
+++ b/tests/auto/qimagereader/qimagereader.qrc
@@ -38,6 +38,7 @@
<file>images/noclearcode.bmp</file>
<file>images/noclearcode.gif</file>
<file>images/nontransparent.xpm</file>
+ <file>images/rgb32bf.bmp</file>
<file>images/runners.ppm</file>
<file>images/teapot.ppm</file>
<file>images/test.ppm</file>
diff --git a/tests/auto/qimagereader/tst_qimagereader.cpp b/tests/auto/qimagereader/tst_qimagereader.cpp
index 6689d4f..c53488d 100644
--- a/tests/auto/qimagereader/tst_qimagereader.cpp
+++ b/tests/auto/qimagereader/tst_qimagereader.cpp
@@ -246,6 +246,7 @@ void tst_QImageReader::readImage_data()
QTest::newRow("BMP: 4bpp uncompressed") << QString("tst7.bmp") << true << QByteArray("bmp");
QTest::newRow("BMP: 16bpp") << QString("16bpp.bmp") << true << QByteArray("bmp");
QTest::newRow("BMP: negative height") << QString("negativeheight.bmp") << true << QByteArray("bmp");
+ QTest::newRow("BMP: high mask bit set") << QString("rgb32bf.bmp") << true << QByteArray("bmp");
QTest::newRow("XPM: marble") << QString("marble.xpm") << true << QByteArray("xpm");
QTest::newRow("PNG: kollada") << QString("kollada.png") << true << QByteArray("png");
QTest::newRow("PPM: teapot") << QString("teapot.ppm") << true << QByteArray("ppm");
generated by cgit v0.12 at 2024-12-04 22:11:02 (GMT)