Add some sanity and bounds checking

Since QImage does sanity checking for overflows and stuff wrt.
dimensions and depth, check for QImage::isNull() as early as possible to
see if there's some funky business going on.

Also tried to add some checks wherever we wrote to "raw" memory.

Unit tests pass, and tested converting some files from
https://samples.ffmpeg.org/image-samples/ to pngs, and that seemed to
work.

Reviewed By: aacid

Differential Revision: https://phabricator.kde.org/D24367
Martin T. H. Sandsmark
2019-10-02 17:39:59 +02:00
parent f5b26cc9f9
commit 8562ce18f1
6 changed files with 106 additions and 12 deletions


@ -253,8 +253,10 @@ static void readImage1(QImage &img, QDataStream &s, const PCXHEADER &header)
img = QImage(header.width(), header.height(), QImage::Format_Mono);
img.setColorCount(2);
if (img.isNull())
if (img.isNull()) {
qWarning() << "Failed to allocate image, invalid dimensions?" << QSize(header.width(), header.height());
return;
}
for (int y = 0; y < header.height(); ++y) {
if (s.atEnd()) {
@ -282,6 +284,10 @@ static void readImage4(QImage &img, QDataStream &s, const PCXHEADER &header)
img = QImage(header.width(), header.height(), QImage::Format_Indexed8);
img.setColorCount(16);
if (img.isNull()) {
qWarning() << "Failed to allocate image, invalid dimensions?" << QSize(header.width(), header.height());
return;
}
for (int y = 0; y < header.height(); ++y) {
if (s.atEnd()) {
@ -301,6 +307,9 @@ static void readImage4(QImage &img, QDataStream &s, const PCXHEADER &header)
}
uchar *p = img.scanLine(y);
if (!p) {
qWarning() << "Failed to get scanline for" << y << "might be out of bounds";
}
for (int x = 0; x < header.width(); ++x) {
p[ x ] = pixbuf[ x ];
}
@ -319,6 +328,11 @@ static void readImage8(QImage &img, QDataStream &s, const PCXHEADER &header)
img = QImage(header.width(), header.height(), QImage::Format_Indexed8);
img.setColorCount(256);
if (img.isNull()) {
qWarning() << "Failed to allocate image, invalid dimensions?" << QSize(header.width(), header.height());
return;
}
for (int y = 0; y < header.height(); ++y) {
if (s.atEnd()) {
img = QImage();
@ -360,6 +374,11 @@ static void readImage24(QImage &img, QDataStream &s, const PCXHEADER &header)
img = QImage(header.width(), header.height(), QImage::Format_RGB32);
if (img.isNull()) {
qWarning() << "Failed to allocate image, invalid dimensions?" << QSize(header.width(), header.height());
return;
}
for (int y = 0; y < header.height(); ++y) {
if (s.atEnd()) {
img = QImage();
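Review bot: In the readImage4 hunk, the new `if (!p)` check after `uchar *p = img.scanLine(y);` only logs a warning, so control falls through to the loop that writes `p[ x ] = pixbuf[ x ]` and a null scanline pointer is still dereferenced. The branch should stop decoding, for example `img = QImage(); return;` inside the `if (!p)` block, which matches how the visible `s.atEnd()` branches in readImage8 and readImage24 reset the image. That copy loop is bounded by `header.width()`, and the size of `pixbuf` is not visible here, so it is worth confirming the buffer holds at least that many bytes for every header the reader accepts. The bodies of readImage4 and the other readers continue outside the hunks shown.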