rgb: Fix integer overflow in fuzzed file

oss-fuzz/12763
Albert Astals Cid
2019-01-29 11:19:58 +01:00
parent 4751e897ce
commit 6dcea7fd01


@ -312,8 +312,6 @@ bool SGIImage::readImage(QImage &img)
return false; return false;
} }
_numrows = _ysize * _zsize;
img = QImage(_xsize, _ysize, QImage::Format_RGB32); img = QImage(_xsize, _ysize, QImage::Format_RGB32);
if (_zsize == 0 ) if (_zsize == 0 )
@ -323,8 +321,14 @@ bool SGIImage::readImage(QImage &img)
img = img.convertToFormat(QImage::Format_ARGB32); img = img.convertToFormat(QImage::Format_ARGB32);
} else if (_zsize > 4) { } else if (_zsize > 4) {
// qDebug() << "using first 4 of " << _zsize << " channels"; // qDebug() << "using first 4 of " << _zsize << " channels";
// Only let this continue if it won't cause a int overflow later
// this is most likely a broken file anyway
if (_ysize > std::numeric_limits<int>::max() / _zsize)
return false;
} }
_numrows = _ysize * _zsize;
if (_rle) { if (_rle) {
uint l; uint l;
_starttab = new quint32[_numrows]; _starttab = new quint32[_numrows];
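Review bot: The guard added in the `_zsize > 4` branch only rules out wrap-around of `_ysize * _zsize`; the product still sizes `new quint32[_numrows]` directly below, so a malformed header can request an allocation approaching `INT_MAX` elements, and a failing `new[]` throws instead of taking the `return false` path. Consider bounding `_numrows` by what the input can actually supply before allocating: the table holds four bytes per row and is presumably filled from the file, so a row count larger than the remaining data already marks the file as broken. The check also relies on the `_zsize <= 4` cases being unable to overflow, which depends on the declared width of `_ysize` and is not visible in this hunk. A short comment stating that assumption next to `_numrows = _ysize * _zsize;` would make it reviewable. readImage's body starts and ends outside the hunk.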