From 49319734c11206f6993aa12b42a663d3906da26e Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Tue, 27 Nov 2018 15:25:53 +0100
Subject: [PATCH] ico image handler: check for out of range image size

Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.

Change-Id: I598db817c387867a449040f5be5427c8b8746483
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
---
 src/plugins/imageformats/ico/qicohandler.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp
index e61173db302..30935cacda5 100644
--- a/src/plugins/imageformats/ico/qicohandler.cpp
+++ b/src/plugins/imageformats/ico/qicohandler.cpp
@@ -506,6 +506,8 @@ QImage ICOReader::iconAt(int index)
                 icoAttrib.h = iconEntry.bHeight;
                 if (icoAttrib.h == 0) // means 256 pixels
                     icoAttrib.h = header.biHeight/2;
+                if (icoAttrib.w > 256 || icoAttrib.h > 256) // Max ico size
+                    return img;
 
                 QImage::Format format = QImage::Format_ARGB32;
                 if (icoAttrib.nbits == 24)