From aeec93483900e6e276b5dc8864f7bf13eaab9654 Mon Sep 17 00:00:00 2001 From: Albert Astals Cid Date: Fri, 8 Feb 2019 23:26:11 +0100 Subject: [PATCH] xcf: Fix uninitialized memory use on broken documents oss-fuzz/12871 --- src/imageformats/xcf.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/imageformats/xcf.cpp b/src/imageformats/xcf.cpp index cdbcfba..a12aab0 100644 --- a/src/imageformats/xcf.cpp +++ b/src/imageformats/xcf.cpp @@ -1063,6 +1063,13 @@ bool XCFImageFormat::loadLevel(QDataStream &xcf_io, Layer &layer, qint32 bpp) xcf_io >> width >> height >> offset; if (offset == 0) { + // offset 0 with rowsxcols != 0 is probably an error since it means we have tiles + // without data but just clear the bits for now instead of returning false + for (uint j = 0; j < layer.nrows; j++) { + for (uint i = 0; i < layer.ncols; i++) { + layer.image_tiles[j][i].fill(Qt::transparent); + } + } return true; }