Make minimal tag size more accepting

Accept tags between 8 and 12 bytes long, and move the check for 12 bytes to where it is needed. Pick-to: 6.7 6.5 Fixes: QTBUG-125241 Change-Id: I1a46852a9ab60e7c63f8d74de1809d731912ab5b Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
2024-05-14 10:42:29 +02:00 · 2024-05-14 10:42:29 +02:00 · f5cafb6f1c
commit f5cafb6f1c
parent 81a0753299
1 changed files with 5 additions and 1 deletions
--- a/src/gui/painting/qicc.cpp
+++ b/src/gui/painting/qicc.cpp
@ -559,6 +559,8 @@ static bool parseXyzData(const QByteArray &data, const TagEntry &tagEntry, QColo

 static quint32 parseTRC(const QByteArrayView &tagData, QColorTrc &gamma, QColorTransferTable::Type type = QColorTransferTable::TwoWay)
 {
+    if (tagData.size() < 12)
+        return 0;
    const GenericTagData trcData = qFromUnaligned<GenericTagData>(tagData.constData());
    if (trcData.type == quint32(Tag::curv)) {
        Q_STATIC_ASSERT(sizeof(CurvTagData) == 12);
@ -1067,6 +1069,8 @@ static bool parseDesc(const QByteArray &data, const TagEntry &tagEntry, QString

    // Either 'desc' (ICCv2) or 'mluc' (ICCv4)
    if (tag.type == quint32(Tag::desc)) {
+        if (tagEntry.size < sizeof(DescTagData))
+            return false;
        Q_STATIC_ASSERT(sizeof(DescTagData) == 12);
        const DescTagData desc = qFromUnaligned<DescTagData>(data.constData() + tagEntry.offset);
        const quint32 len = desc.asciiDescriptionLength;
@ -1287,7 +1291,7 @@ bool fromIccProfile(const QByteArray &data, QColorSpace *colorSpace)
            qCWarning(lcIcc) << "fromIccProfile: failed tag offset sanity 2";
            return false;
        }
-        if (tagTable.size < 12) {
+        if (tagTable.size < 8) {
            qCWarning(lcIcc) << "fromIccProfile: failed minimal tag size sanity";
            return false;
        }