bmp image: check for out of range image size.

Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.

Based on Qt5 patch for CVE-2018-19873.

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit a00e43bd1c)
r14.0.x r14.0.6
Slávek Banko 6 years ago
parent ac1b4232ff
commit 2fd4dcbf56
No known key found for this signature in database
GPG Key ID: 608F5293A04BE668

@ -4667,6 +4667,8 @@ bool read_dib( QDataStream& s, int offset, int startpos, QImage& image )
if ( !(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) ||
(nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)) )
return FALSE; // weird compression type
if ((w < 0) || ((w * abs(h)) > (16384 * 16384)))
return FALSE;
int ncols;
int depth;

Loading…
Cancel
Save