bmp image: check for out of range image size.

Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.

Based on Qt5 patch for CVE-2018-19873.

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
pull/8/head
Slávek Banko 6 years ago
parent 83036c3af1
commit 5a61151fe9
No known key found for this signature in database
GPG Key ID: 608F5293A04BE668

@ -4667,6 +4667,8 @@ bool read_dib( TQDataStream& s, int offset, int startpos, TQImage& image )
if ( !(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) || if ( !(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) ||
(nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)) ) (nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)) )
return FALSE; // weird compression type return FALSE; // weird compression type
if ((w < 0) || ((w * abs(h)) > (16384 * 16384)))
return FALSE;
int ncols; int ncols;
int depth; int depth;

Loading…
Cancel
Save