ico image handler: check for out of range image size

Make the decoder fail early to avoid spending time and memory on attempting to decode a corrupt image file. Change-Id: I598db817c387867a449040f5be5427c8b8746483 Reviewed-by: Lars Knoll <lars.knoll@qt.io>
2018-11-27 15:25:53 +01:00 · 2018-11-27 15:25:53 +01:00 · 49319734c1
commit 49319734c1
parent 416b4cf685
1 changed files with 2 additions and 0 deletions
--- a/src/plugins/imageformats/ico/qicohandler.cpp
+++ b/src/plugins/imageformats/ico/qicohandler.cpp
@ -506,6 +506,8 @@ QImage ICOReader::iconAt(int index)
                icoAttrib.h = iconEntry.bHeight;
                if (icoAttrib.h == 0) // means 256 pixels
                    icoAttrib.h = header.biHeight/2;
+                if (icoAttrib.w > 256 || icoAttrib.h > 256) // Max ico size
+                    return img;

                QImage::Format format = QImage::Format_ARGB32;
                if (icoAttrib.nbits == 24)