Check for QImage allocation failure in qasyncimageio.

Since image files easily can be (or corrupt files claim to be) huge, it is worth checking for out of memory situations. Based on Qt5 patch for CVE-2018-19870. Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
author: Slávek Banko <slavek.banko@axis.cz> 2019-01-28 11:46:21 +0100
committer: Slávek Banko <slavek.banko@axis.cz> 2019-03-03 15:32:03 +0100
commit: a04cfea092d974109c6a883f26762be984805c8e (patch)
tree: df95895eadab4eeb39ac089fb31aed27ed1815a3
parent: ee61bf8d1a23872f247f6b1c2ba387fb7ae98e43 (diff)
download: qt3-a04cfea092d974109c6a883f26762be984805c8e.tar.gz
qt3-a04cfea092d974109c6a883f26762be984805c8e.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index 7be8ddb..18b3cca 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -964,9 +964,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer,
 		    if (backingstore.width() < w
 			|| backingstore.height() < h) {
 			// We just use the backing store as a byte array
-			backingstore.create( QMAX(backingstore.width(), w),
-					     QMAX(backingstore.height(), h),
-					     32);
+			if(!backingstore.create( QMAX(backingstore.width(), w),
+						 QMAX(backingstore.height(), h),
+						 32)) {
+				state = Error;
+				return -1;
+			}
 			memset( img.bits(), 0, img.numBytes() );
 		    }
 		    for (int ln=0; ln<h; ln++) {
author	Slávek Banko <slavek.banko@axis.cz>	2019-01-28 11:46:21 +0100
committer	Slávek Banko <slavek.banko@axis.cz>	2019-03-03 15:32:03 +0100
commit	a04cfea092d974109c6a883f26762be984805c8e (patch)
tree	df95895eadab4eeb39ac089fb31aed27ed1815a3
parent	ee61bf8d1a23872f247f6b1c2ba387fb7ae98e43 (diff)
download	qt3-a04cfea092d974109c6a883f26762be984805c8e.tar.gz qt3-a04cfea092d974109c6a883f26762be984805c8e.zip