diff options
| author | Mauri VehniƤinen <ext-mauri.vehniainen@nokia.com> | 2011-02-18 09:10:08 (GMT) |
|---|---|---|
| committer | Jason McDonald <jason.mcdonald@nokia.com> | 2011-02-18 13:56:34 (GMT) |
| commit | d6c84875227f00b8db85685f53b355d4c58eacd2 (patch) | |
| tree | 8d67c735a742a9991aa58abf69a3d8541ac227d5 | |
| parent | 739b8a22ac9f39d0c59df53d99f518cf0553ca55 (diff) | |
| download | Qt-d6c84875227f00b8db85685f53b355d4c58eacd2.zip Qt-d6c84875227f00b8db85685f53b355d4c58eacd2.tar.gz Qt-d6c84875227f00b8db85685f53b355d4c58eacd2.tar.bz2 | |
Prevents crashing when ICO file has bad color table value
When color table value is read from ICO header memory allocation is
made based on this value. This case is relevant only when reading
8bit images. Therefore values over 256 will abort reading the image.
Task-number: QT-4535
Merge-request: 1090
Reviewed-by: Harald Fernengel <harald.fernengel@nokia.com>
(cherry picked from commit d6c1e5d78bdfbeb373970b65d8260f7e9f9ce1bd)
| -rw-r--r-- | src/plugins/imageformats/ico/qicohandler.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp index 6d0102b..3f33f23 100644 --- a/src/plugins/imageformats/ico/qicohandler.cpp +++ b/src/plugins/imageformats/ico/qicohandler.cpp @@ -559,6 +559,8 @@ QImage ICOReader::iconAt(int index) icoAttrib.ncolors = 0; else // # colors used icoAttrib.ncolors = header.biClrUsed ? header.biClrUsed : 1 << icoAttrib.nbits; + if (icoAttrib.ncolors > 256) //color table can't be more than 256 + return img; icoAttrib.w = iconEntry.bWidth; if (icoAttrib.w == 0) icoAttrib.w = header.biWidth; |