From b3037160f25730efca66966559779559a4946bf3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= <slavek.banko@axis.cz>
Date: Mon, 9 Mar 2015 22:35:10 +0100
Subject: Fix security issue CVE-2015-0295 [taken from RedHat Qt3 patches]

---
 src/kernel/qimage.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/kernel/qimage.cpp b/src/kernel/qimage.cpp
index 4c489d2..60a9a5d 100644
--- a/src/kernel/qimage.cpp
+++ b/src/kernel/qimage.cpp
@@ -4716,10 +4716,16 @@ bool read_dib( QDataStream& s, int offset, int startpos, QImage& image )
 	if ( (Q_ULONG)d->readBlock( (char *)&blue_mask, sizeof(blue_mask) ) != sizeof(blue_mask) )
 	    return FALSE;
 	red_shift = calc_shift(red_mask);
+	if (((red_mask >> red_shift) + 1) == 0)
+	    return FALSE;
 	red_scale = 256 / ((red_mask >> red_shift) + 1);
 	green_shift = calc_shift(green_mask);
+	if (((green_mask >> green_shift) + 1) == 0)
+	    return FALSE;
 	green_scale = 256 / ((green_mask >> green_shift) + 1);
 	blue_shift = calc_shift(blue_mask);
+	if (((blue_mask >> blue_shift) + 1) == 0)
+	    return FALSE;
 	blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
     } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
 	blue_mask = 0x000000ff;
-- 
cgit v1.2.3