From a85c3939df798ed96a538b8df92abbd0d321a5f5 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Tue, 14 May 2024 10:42:29 +0200 Subject: [PATCH] Make minimal tag size more accepting Accept tags between 8 and 12 bytes long, and move the check for 12 bytes to where it is needed. Pick-to: 6.5 Fixes: QTBUG-125241 Change-Id: I1a46852a9ab60e7c63f8d74de1809d731912ab5b Reviewed-by: Eirik Aavitsland (cherry picked from commit f5cafb6f1ceeb907cc99baccf97d2da6299e5809) --- src/gui/painting/qicc.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/gui/painting/qicc.cpp b/src/gui/painting/qicc.cpp index d21bf6b4d93..ba30660fc17 100644 --- a/src/gui/painting/qicc.cpp +++ b/src/gui/painting/qicc.cpp @@ -437,6 +437,8 @@ bool parseXyzData(const QByteArray &data, const TagEntry &tagEntry, QColorVector bool parseTRC(const QByteArray &data, const TagEntry &tagEntry, QColorTrc &gamma) { + if (tagEntry.size < 12) + return false; const GenericTagData trcData = qFromUnaligned(data.constData() + tagEntry.offset); if (trcData.type == quint32(Tag::curv)) { @@ -564,6 +566,8 @@ bool parseDesc(const QByteArray &data, const TagEntry &tagEntry, QString &descNa // Either 'desc' (ICCv2) or 'mluc' (ICCv4) if (tag.type == quint32(Tag::desc)) { + if (tagEntry.size < sizeof(DescTagData)) + return false; Q_STATIC_ASSERT(sizeof(DescTagData) == 12); const DescTagData desc = qFromUnaligned(data.constData() + tagEntry.offset); const quint32 len = desc.asciiDescriptionLength; @@ -643,7 +647,7 @@ bool fromIccProfile(const QByteArray &data, QColorSpace *colorSpace) qCWarning(lcIcc) << "fromIccProfile: failed tag offset sanity 2"; return false; } - if (tagTable.size < 12) { + if (tagTable.size < 8) { qCWarning(lcIcc) << "fromIccProfile: failed minimal tag size sanity"; return false; }