summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2015-03-09 21:32:50 (GMT)
committer Slávek Banko <slavek.banko@axis.cz>2015-03-09 21:34:17 (GMT)
commitebf9a9871a1424469c6850d1844b1487e32d137a (patch)
treec7ca6688df4a8bbea7881ac664750fe5bb179a08
parentcc46bf4ecb4a9b79f4a11d08a68b09e6871dc1a6 (diff)
downloadtqt3-ebf9a987.zip
tqt3-ebf9a987.tar.gz
Fix security issue CVE-2014-0190
[taken from RedHat Qt3 patches]
-rw-r--r--src/kernel/qasyncimageio.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kernel/qasyncimageio.cpp b/src/kernel/qasyncimageio.cpp
index c42e876..489d69a 100644
--- a/src/kernel/qasyncimageio.cpp
+++ b/src/kernel/qasyncimageio.cpp
@@ -904,7 +904,12 @@ int TQGIFFormat::decode(TQImage& img, TQImageConsumer* consumer,
sheight = newtop + newheight;
if (img.isNull()) {
- img.create(swidth, sheight, 32);
+ if (!img.create(swidth, sheight, 32)) {
+ // Check if the attempt to create the image failed. If
+ // it did, the image is broken and we should give up.
+ state = Error;
+ return -1;
+ }
memset( img.bits(), 0, img.numBytes() );
if (consumer) consumer->setSize(swidth, sheight);
}