From 68762151dbf45fbb44e140ac2ad13dbe8d357352 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date: Wed, 25 Feb 2015 15:39:41 +0100
Subject: [PATCH] Fix crash when converting format of QImage created from
 buffer

When doing format conversion, the optimized inplace codepath did not
check if the image data was readonly, i.e. if the QImage had been
created by the constructor taking an existing external buffer.

Task-number: QTBUG-44610
Change-Id: I085ff8da427bc4ee392f548dffd2418b63148965
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
---
 src/gui/image/qimage.cpp                   |  2 +-
 tests/auto/gui/image/qimage/tst_qimage.cpp | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/gui/image/qimage.cpp b/src/gui/image/qimage.cpp
index 887a7c29eb1..6699e516a0a 100644
--- a/src/gui/image/qimage.cpp
+++ b/src/gui/image/qimage.cpp
@@ -4565,7 +4565,7 @@ bool QImageData::convertInPlace(QImage::Format newFormat, Qt::ImageConversionFla
         return true;
 
     // No in-place conversion if we have to detach
-    if (ref.load() > 1)
+    if (ref.load() > 1 || ro_data)
         return false;
 
     const InPlace_Image_Converter *const converterPtr = &qimage_inplace_converter_map[format][newFormat];
diff --git a/tests/auto/gui/image/qimage/tst_qimage.cpp b/tests/auto/gui/image/qimage/tst_qimage.cpp
index ed1d9156708..e8da3263aef 100644
--- a/tests/auto/gui/image/qimage/tst_qimage.cpp
+++ b/tests/auto/gui/image/qimage/tst_qimage.cpp
@@ -2492,6 +2492,19 @@ void tst_QImage::inplaceConversion()
     }
     if (image.depth() == imageConverted.depth())
         QCOMPARE(imageConverted.constScanLine(0), originalPtr);
+
+    {
+        // Test attempted inplace conversion of images created on existing, readonly buffer
+        static const quint32 readOnlyData[] = { 0x00010203U, 0x04050607U, 0x08091011U, 0x12131415U };
+
+        QImage roImage((const uchar *)readOnlyData, 2, 2, format);
+        QImage inplaceConverted = std::move(roImage).convertToFormat(dest_format);
+
+        QImage roImage2((const uchar *)readOnlyData, 2, 2, format);
+        QImage normalConverted = roImage2.convertToFormat(dest_format);
+
+        QCOMPARE(normalConverted, inplaceConverted);
+    }
 #endif
 }