1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Gif decoder: fix read error caused by ub check

Browse Source 
The recently added check to avoid negative-bitshift ub ignored that
the algorithm will sometimes use a negative bitcount value as a
flag. This caused reading failure for some frames.

Fixes: QTBUG-86702
Change-Id: I4c247a7eb6102f9b51cc8ac708c60db80d609e38
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
(cherry picked from commit f1c1f444811643acda66aaeb21a9e73a8e60e830)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Eirik Aavitsland 2020-09-18 14:55:32 +02:00 committed by Qt Cherry-pick Bot
parent d04c436ab1
commit 69eade9854
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/plugins/imageformats/gif/qgifhandler.cpp
View File

@ -490,12 +490,14 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
break;
case ImageDataBlock:
count++;
if (bitcount < 0 || bitcount > 31) {
state = Error;
return -1;
if (bitcount != -32768) {
if (bitcount < 0 || bitcount > 31) {
state = Error;
return -1;
}
accum |= (ch << bitcount);
bitcount += 8;
}
accum|=(ch<<bitcount);
bitcount+=8;
while (bitcount>=code_size && state==ImageDataBlock) {
int code=accum&((1<<code_size)-1);
bitcount-=code_size;