1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qpnghandler: Only assume we're past the input size if it returns a size

Browse Source 
Size 0 is a "valid" answer for QIODevice implementations so we need to
make sure that we only enter the "try to workaround broken files" if we
know there is a size, otherwise the first read of length 4 that libpng
does breaks everything.

Change-Id: I1e396abd206ff90edae4372726f1d82d5d41ccf3
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
This commit is contained in:
Albert Astals Cid 2021-05-12 21:40:40 +02:00
parent 6cee204d56
commit 9e90682def
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/gui/image/qpnghandler.cpp
View File

@ -199,7 +199,7 @@ void iod_read_fn(png_structp png_ptr, png_bytep data, png_size_t length)
QPngHandlerPrivate *d = (QPngHandlerPrivate *)png_get_io_ptr(png_ptr);
QIODevice *in = d->q->device();
if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && (in->size() - in->pos()) < 4 && length == 4) {
if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && in->size() > 0 && (in->size() - in->pos()) < 4 && length == 4) {
// Workaround for certain malformed PNGs that lack the final crc bytes
uchar endcrc[4] = { 0xae, 0x42, 0x60, 0x82 };
memcpy(data, endcrc, 4);