Fix security issue CVE-2014-0190

[taken from RedHat Qt3 patches] (cherry picked from commit ad74a11abf9d62389a6bd74a6edf9cd73e36c8f7)
author: Slávek Banko <slavek.banko@axis.cz> 2015-03-09 22:33:13 +0100
committer: Slávek Banko <slavek.banko@axis.cz> 2015-03-09 22:38:57 +0100
commit: 5184b53b9bb7482df4092d8fd0b976ade554ba45 (patch)
tree: aefcfc7daefece02b8375ecffb5138f1453b9e72
parent: 2383ee57b0ca9f342f34cf46f57eb3a407ed79ab (diff)
download: qt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.tar.gz
qt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index 8ecd1eb..e16125b 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -904,7 +904,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer,
 		    sheight = newtop + newheight;
 
 		if (img.isNull()) {
-		    img.create(swidth, sheight, 32);
+		    if (!img.create(swidth, sheight, 32)) {
+			// Check if the attempt to create the image failed. If
+			// it did, the image is broken and we should give up.
+			state = Error;
+			return -1;
+		    }
 		    memset( img.bits(), 0, img.numBytes() );
 		    if (consumer) consumer->setSize(swidth, sheight);
 		}
author	Slávek Banko <slavek.banko@axis.cz>	2015-03-09 22:33:13 +0100
committer	Slávek Banko <slavek.banko@axis.cz>	2015-03-09 22:38:57 +0100
commit	5184b53b9bb7482df4092d8fd0b976ade554ba45 (patch)
tree	aefcfc7daefece02b8375ecffb5138f1453b9e72
parent	2383ee57b0ca9f342f34cf46f57eb3a407ed79ab (diff)
download	qt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.tar.gz qt3-5184b53b9bb7482df4092d8fd0b976ade554ba45.zip