1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

png/ico decoder: Don't try reading beyond the file

Browse Source 
This fixes oss-fuzz issue 44955.

Pick-to: 6.2 6.3
Change-Id: Ie74ae037630f83e64fd0678ff2eac579f35d02b8
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
This commit is contained in:
Robert Löhning 2022-02-25 20:26:59 +01:00
parent 38a86afcc4
commit 27fae7207f
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/plugins/imageformats/ico/qicohandler.cpp
View File

@ -1,6 +1,6 @@
/**************************************************************************** /****************************************************************************
** **
** Copyright (C) 2016 The Qt Company Ltd. ** Copyright (C) 2022 The Qt Company Ltd.
** Contact: https://www.qt.io/licensing/ ** Contact: https://www.qt.io/licensing/
** **
** This file is part of the plugins of the Qt Toolkit. ** This file is part of the plugins of the Qt Toolkit.
@ -466,7 +466,9 @@ QImage ICOReader::iconAt(int index)
static const uchar pngMagicData[] = { 137, 80, 78, 71, 13, 10, 26, 10 }; static const uchar pngMagicData[] = { 137, 80, 78, 71, 13, 10, 26, 10 };
iod->seek(iconEntry.dwImageOffset); if (!iod->seek(iconEntry.dwImageOffset)
|| iconEntry.dwBytesInRes > iod->bytesAvailable())
return img;
const QByteArray pngMagic = QByteArray::fromRawData((const char*)pngMagicData, sizeof(pngMagicData)); const QByteArray pngMagic = QByteArray::fromRawData((const char*)pngMagicData, sizeof(pngMagicData));
const bool isPngImage = (iod->read(pngMagic.size()) == pngMagic); const bool isPngImage = (iod->read(pngMagic.size()) == pngMagic);