diff options
| author | Qt Continuous Integration System <qt-info@nokia.com> | 2010-11-05 05:13:42 (GMT) |
|---|---|---|
| committer | Qt Continuous Integration System <qt-info@nokia.com> | 2010-11-05 05:13:42 (GMT) |
| commit | c791b300b288635ed018d50c5e6e28859b374b5e (patch) | |
| tree | d2e1c82246fd860a82062bd11df06d4d984fc9e9 /src/gui | |
| parent | 8a986d6fc4f0b87eda4f4f364cac6b39bbce5896 (diff) | |
| parent | 9615608afa7e0a62d1a444b699f40aeeaeaf41de (diff) | |
| download | Qt-c791b300b288635ed018d50c5e6e28859b374b5e.zip Qt-c791b300b288635ed018d50c5e6e28859b374b5e.tar.gz Qt-c791b300b288635ed018d50c5e6e28859b374b5e.tar.bz2 | |
Merge branch '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1 into 4.7-integration
* '4.7' of scm.dev.nokia.troll.no:qt/oslo-staging-1:
Fix opening a network session multiple times in succession.
Fix synchronous dispatch in ICD in non-main threads.
Russian translation update
QNAM HTTP: Download last chunk properly when readBufferSize() limited
Prevent access to non-existent memory in QGL2PEXVertexArray
Prevent excessive seeks in xbm detection
Diffstat (limited to 'src/gui')
| -rw-r--r-- | src/gui/image/qxbmhandler.cpp | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp index 0dd4e99..f9c2e0c 100644 --- a/src/gui/image/qxbmhandler.cpp +++ b/src/gui/image/qxbmhandler.cpp @@ -66,27 +66,36 @@ static inline int hex2byte(register char *p) static bool read_xbm_header(QIODevice *device, int& w, int& h) { const int buflen = 300; + const int maxlen = 4096; char buf[buflen + 1]; QRegExp r1(QLatin1String("^#define[ \t]+[a-zA-Z0-9._]+[ \t]+")); QRegExp r2(QLatin1String("[0-9]+")); qint64 readBytes = 0; + qint64 totalReadBytes = 0; - // "#define .._width <num>" - readBytes = device->readLine(buf, buflen); - if (readBytes <= 0) - return false; - buf[readBytes - 1] = '\0'; + buf[0] = '\0'; // skip initial comment, if any - while (buf[0] != '#' && (readBytes = device->readLine( buf, buflen )) > 0) {} + while (buf[0] != '#') { + readBytes = device->readLine(buf, buflen); + + // if readBytes >= buflen, it's very probably not a C file + if (readBytes <= 0 || readBytes >= buflen -1) + return false; + + // limit xbm headers to the first 4k in the file to prevent + // excessive reads on non-xbm files + totalReadBytes += readBytes; + if (totalReadBytes >= maxlen) + return false; + } - if (readBytes <= 0) - return false; buf[readBytes - 1] = '\0'; QString sbuf; sbuf = QString::fromLatin1(buf); + // "#define .._width <num>" if (r1.indexIn(sbuf) == 0 && r2.indexIn(sbuf, r1.matchedLength()) == r1.matchedLength()) w = QByteArray(&buf[r1.matchedLength()]).trimmed().toInt(); |