From 343954ca98bac316b28fd6af0262ced89aa5f05c Mon Sep 17 00:00:00 2001
From: Albert Astals Cid
Date: Wed, 13 Apr 2022 23:06:15 +0200
Subject: [PATCH] psd: Fix crash on broken files
Instead of resizing the bytearray to the potential size and then reading into it, ask the device to read into a bytearray, this way instead of a crash because we're trying to resize to a too big number we get a nice maxSize argument exceeds QByteArray size limit warning oss-fuzz/46664
---
 src/imageformats/psd.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/imageformats/psd.cpp b/src/imageformats/psd.cpp
index 4d75003..84cca5a 100644
--- a/src/imageformats/psd.cpp
+++ b/src/imageformats/psd.cpp
@@ -271,9 +271,8 @@ PSDColorModeDataSection readColorModeDataSection(QDataStream &s, bool *ok = null
 // Official Adobe specification tells "Only indexed color and duotone
 // (see the mode field in the File header section) have color mode data.".
 // See test case images 32bit_grayscale.psd and 32bit-rgb.psd
- auto&& ba = cms.duotone.data;
- ba.resize(size);
- if (s.readRawData(ba.data(), ba.size()) != ba.size())
+ cms.duotone.data = s.device()->read(size);
+ if (cms.duotone.data.size() != size)
 *ok = false;
 } else {
 // read the palette (768 bytes)
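Review bot: The length passed to `s.device()->read(size)` appears to come from the file, and nothing visible in the hunk bounds it, so a small malformed PSD may still request a buffer near the QByteArray limit before the `size()` comparison rejects it. As far as I know `QIODevice::read(qint64)` sizes its result from `maxSize`, which should be confirmed against the Qt version in use. A cheap guard ahead of the read would reject the obvious cases, for example `if (size < 0 || (!s.device()->isSequential() && size > s.device()->bytesAvailable())) *ok = false;`, with the read running only when that guard passes. Reading through the device also bypasses the QDataStream, so a short read is reported only through `*ok`; a comment such as `// short read is signalled via *ok only; s.status() is not updated` would make that explicit. The function starts and ends outside the hunk, so the type of `size`, any earlier check on it, and the handling of a null `ok` cannot be seen here.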