summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2015-05-23 18:48:51 +0200
committerSlávek Banko <slavek.banko@axis.cz>2015-05-23 18:48:51 +0200
commit538d6a2440fbe645b970402fa7e86dfd3e36192b (patch)
tree3651689eb3a6090d02641d063bf3b1d355c4b0e1
parentb3037160f25730efca66966559779559a4946bf3 (diff)
downloadqt3-538d6a24.tar.gz
qt3-538d6a24.zip
Fix security issue CVE-2015-1860
[taken from RedHat Qt3 patches]
-rw-r--r--src/kernel/qasyncimageio.cpp2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index e16125b..7be8ddb 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -1226,6 +1226,8 @@ void QGIFFormat::fillRect(QImage& img, int col, int row, int w, int h, QRgb colo
void QGIFFormat::nextY(QImage& img, QImageConsumer* consumer)
{
+ if (out_of_bounds)
+ return;
int my;
switch (interlace) {
case 0: