From de7a9a84571918fa1ffd58ba6df35eed85c2882a Mon Sep 17 00:00:00 2001
From: Albert Astals Cid
Date: Thu, 31 Jan 2019 01:02:57 +0100
Subject: [PATCH] ras: Fix assert because of ColorMapLength being too big

oss-fuzz/12785
---
 src/imageformats/ras.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/imageformats/ras.cpp b/src/imageformats/ras.cpp
index bdba79e..a09ac77 100644
--- a/src/imageformats/ras.cpp
+++ b/src/imageformats/ras.cpp
@@ -251,6 +251,10 @@ bool RASHandler::read(QImage *outImage)
     // Read image header.
     RasHeader ras;
     s >> ras;
+
+    if (ras.ColorMapLength > std::numeric_limits::max())
+        return false;
+
     // TODO: add support for old versions of RAS where Length may be zero in header
     s.device()->seek(RasHeader::SIZE + ras.Length + ras.ColorMapLength);
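Review bot: The added bound covers only `ras.ColorMapLength`, while `ras.Length` comes from the same untrusted file header and is still added unchecked in the `seek()` call at the end of the hunk, whose return value is ignored. If the header fields are 32-bit unsigned (their declaration is not visible here), that sum can wrap and leave the device at an unintended offset. I would compute the offset in a wider type and fail closed: `const qint64 off = qint64(RasHeader::SIZE) + ras.Length + ras.ColorMapLength;` followed by `if (!s.device()->seek(off)) return false;`. The type argument of `std::numeric_limits` is missing from the page text, so the actual limit cannot be confirmed from this listing. `RASHandler::read` begins before the hunk and continues after it, so checks further down are not visible.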