From 6dcea7fd01e013146a4c0f9ac5cb673a9953ad48 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 29 Jan 2019 11:19:58 +0100
Subject: [PATCH] rgb: Fix integer overflow in fuzzed file

oss-fuzz/12763
---
 src/imageformats/rgb.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/imageformats/rgb.cpp b/src/imageformats/rgb.cpp
index 4dcde6c..f47ed5a 100644
--- a/src/imageformats/rgb.cpp
+++ b/src/imageformats/rgb.cpp
@@ -312,8 +312,6 @@ bool SGIImage::readImage(QImage &img)
         return false;
     }
 
-    _numrows = _ysize * _zsize;
-
     img = QImage(_xsize, _ysize, QImage::Format_RGB32);
 
     if (_zsize == 0 )
@@ -323,8 +321,14 @@ bool SGIImage::readImage(QImage &img)
         img = img.convertToFormat(QImage::Format_ARGB32);
     } else if (_zsize > 4) {
 //         qDebug() << "using first 4 of " << _zsize << " channels";
+        // Only let this continue if it won't cause a int overflow later
+        // this is most likely a broken file anyway
+        if (_ysize > std::numeric_limits<int>::max() / _zsize)
+            return false;
     }
 
+    _numrows = _ysize * _zsize;
+
     if (_rle) {
         uint l;
         _starttab = new quint32[_numrows];