From 99bb24803a3cdc19d86e86e713ab5ec1d861ca75 Mon Sep 17 00:00:00 2001
From: Mirco Miranda
Date: Tue, 5 Sep 2023 10:17:22 +0000
Subject: [PATCH] xcf: fix oss-fuzz issue

May fix possible crash on QPainter.
---
 src/imageformats/xcf.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/imageformats/xcf.cpp b/src/imageformats/xcf.cpp
index 8aba6f5..579a2a8 100644
--- a/src/imageformats/xcf.cpp
+++ b/src/imageformats/xcf.cpp
@@ -2784,7 +2784,10 @@ void XCFImageFormat::copyLayerToImage(XCFImage &xcf_image)
 QPainter painter(&image);
 painter.setOpacity(layer.opacity / 255.0);
 painter.setCompositionMode(QPainter::CompositionMode_Source);
- painter.drawImage(x + layer.x_offset, y + layer.y_offset, layer.image_tiles[j][i]);
+ if (x + layer.x_offset < MAX_IMAGE_WIDTH &&
+ y + layer.y_offset < MAX_IMAGE_HEIGHT) {
+ painter.drawImage(x + layer.x_offset, y + layer.y_offset, layer.image_tiles[j][i]);
+ }
 continue;
 }
 
@@ -3184,7 +3187,10 @@ void XCFImageFormat::mergeLayerIntoImage(XCFImage &xcf_image)
 uint x = i * TILE_WIDTH;
 QImage &tile = layer.image_tiles[j][i];
 
- painter.drawImage(x + layer.x_offset, y + layer.y_offset, tile);
+ if (x + layer.x_offset < MAX_IMAGE_WIDTH &&
+ y + layer.y_offset < MAX_IMAGE_HEIGHT) {
+ painter.drawImage(x + layer.x_offset, y + layer.y_offset, tile);
+ }
 }
 }
 
@@ -3233,7 +3239,10 @@ void XCFImageFormat::mergeLayerIntoImage(XCFImage &xcf_image)
 QPainter painter(&image);
 painter.setOpacity(layer.opacity / 255.0);
 painter.setCompositionMode(QPainter::CompositionMode_SourceOver);
- painter.drawImage(x + layer.x_offset, y + layer.y_offset, layer.image_tiles[j][i]);
+ if (x + layer.x_offset < MAX_IMAGE_WIDTH &&
+ y + layer.y_offset < MAX_IMAGE_HEIGHT) {
+ painter.drawImage(x + layer.x_offset, y + layer.y_offset, layer.image_tiles[j][i]);
+ }
 continue;
 }
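Review bot: The guards added here and in the two mergeLayerIntoImage hunks compare `x + layer.x_offset` against MAX_IMAGE_WIDTH, but `x` is declared `uint` (visible in the second hunk) while the layer offsets appear to be signed; if so, the addition is performed unsigned, so a negative offset — a legal position for an XCF layer — wraps to a large value, fails the check and the tile is silently skipped instead of being drawn partially clipped as before. The same wrap is presumably what reached QPainter before the patch, so the guard is fail-safe for the fuzzer input but changes rendering for layers that extend past the left or top edge, and the mixed-sign comparison is also something the compiler can warn about. Doing the arithmetic in a wide signed type makes the intent explicit and keeps the old behaviour for negative offsets: `const qint64 dx = qint64(x) + layer.x_offset;`, `const qint64 dy = qint64(y) + layer.y_offset;`, `if (dx < MAX_IMAGE_WIDTH && dy < MAX_IMAGE_HEIGHT) { painter.drawImage(int(dx), int(dy), tile); }`. Since the identical guard is now repeated three times, a small helper such as `static bool tileInBounds(qint64 dx, qint64 dy)` would keep the three call sites from drifting apart. The enclosing functions copyLayerToImage and mergeLayerIntoImage start and end outside the hunks.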