Check for TQImage allocation failure in qasyncimageio.

Since image files easily can be (or corrupt files claim to be) huge, it is worth checking for out of memory situations. Based on Qt5 patch for CVE-2018-19870. Signed-off-by: Slávek Banko <slavek.banko@axis.cz> (cherry picked from commit 83036c3af1ff5439b9106a31738650c54920e475)
author: Slávek Banko <slavek.banko@axis.cz> 2019-01-28 10:56:46 +0100
committer: Slávek Banko <slavek.banko@axis.cz> 2019-03-03 15:37:40 +0100
commit: a195af105a60fceff3d3a7850282f12f5a903d06 (patch)
tree: 9097d45972027af5e851dc32ec924e7b8d8341bb /src
parent: 07eabff779898c37715ebe97d5a2ee55aa629dd9 (diff)
download: tqt-a195af105a60fceff3d3a7850282f12f5a903d06.tar.gz
tqt-a195af105a60fceff3d3a7850282f12f5a903d06.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index e26ef399d..5d675de25 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -964,9 +964,12 @@ int TQGIFFormat::decode(TQImage& img, TQImageConsumer* consumer,
 		    if (backingstore.width() < w
 			|| backingstore.height() < h) {
 			// We just use the backing store as a byte array
-			backingstore.create( TQMAX(backingstore.width(), w),
-					     TQMAX(backingstore.height(), h),
-					     32);
+			if(!backingstore.create( TQMAX(backingstore.width(), w),
+						 TQMAX(backingstore.height(), h),
+						 32)) {
+				state = Error;
+				return -1;
+			}
 			memset( img.bits(), 0, img.numBytes() );
 		    }
 		    for (int ln=0; ln<h; ln++) {
author	Slávek Banko <slavek.banko@axis.cz>	2019-01-28 10:56:46 +0100
committer	Slávek Banko <slavek.banko@axis.cz>	2019-03-03 15:37:40 +0100
commit	a195af105a60fceff3d3a7850282f12f5a903d06 (patch)
tree	9097d45972027af5e851dc32ec924e7b8d8341bb /src
parent	07eabff779898c37715ebe97d5a2ee55aa629dd9 (diff)
download	tqt-a195af105a60fceff3d3a7850282f12f5a903d06.tar.gz tqt-a195af105a60fceff3d3a7850282f12f5a903d06.zip