diff options
| author | Slávek Banko <slavek.banko@axis.cz> | 2015-05-23 18:48:51 +0200 |
|---|---|---|
| committer | Slávek Banko <slavek.banko@axis.cz> | 2015-05-23 18:53:06 +0200 |
| commit | d3f640f17ccc031e7e547285b0d9e696a31919a9 (patch) | |
| tree | 00e56f409ac9c0d84c2f477155d3e9526d05e64d | |
| parent | a0008cd747a3ebcccedee198eee5d9de21fc05c9 (diff) | |
| download | qt3-d3f640f17ccc031e7e547285b0d9e696a31919a9.tar.gz qt3-d3f640f17ccc031e7e547285b0d9e696a31919a9.zip | |
Fix security issue CVE-2015-1860
[taken from RedHat Qt3 patches]
(cherry picked from commit 538d6a2440fbe645b970402fa7e86dfd3e36192b)
| -rw-r--r-- | src/kernel/qasyncimageio.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp index e16125b..7be8ddb 100644 --- a/src/kernel/qasyncimageio.cpp +++ b/src/kernel/qasyncimageio.cpp @@ -1226,6 +1226,8 @@ void QGIFFormat::fillRect(QImage& img, int col, int row, int w, int h, QRgb colo void QGIFFormat::nextY(QImage& img, QImageConsumer* consumer) { + if (out_of_bounds) + return; int my; switch (interlace) { case 0: |