mirror of
https://git.freebsd.org/ports.git
synced 2025-07-13 23:39:20 -04:00
1808f72dc4
The GIF handler is part of qt{4,5}-imageformats, not qt{4,5}-gui. Big pointy
hat to me.
I've chosen not to force users to rebuild the -gui ports yet again with a
PORTREVISION bump since the code built in those ports is the same regardless
of whether the patch is applied or not.
Submitted by: RyoTa SimaMoto <liangtai.s16@gmail.com>
MFH: 2014Q3
Security: 904d78b8-0f7e-11e4-8b71-5453ed2e2b49
38 lines
1.3 KiB
Text
38 lines
1.3 KiB
Text
commit f1b76c126c476c155af8c404b97c42cd1a709333
|
|
Author: Lars Knoll <lars.knoll@digia.com>
|
|
Date: Thu Apr 24 15:33:27 2014 +0200
|
|
|
|
Don't crash on broken GIF images
|
|
|
|
Broken GIF images could set invalid width and height
|
|
values inside the image, leading to Qt creating a null
|
|
QImage for it. In that case we need to abort decoding
|
|
the image and return an error.
|
|
|
|
Initial patch by Rich Moore.
|
|
|
|
Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
|
|
|
|
Task-number: QTBUG-38367
|
|
Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
|
|
Security-advisory: CVE-2014-0190
|
|
Reviewed-by: Richard J. Moore <rich@kde.org>
|
|
|
|
diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
|
|
index 3324f04..5199dd3 100644
|
|
--- src/gui/image/qgifhandler.cpp
|
|
+++ src/gui/image/qgifhandler.cpp
|
|
@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
|
|
memset(bits, 0, image->byteCount());
|
|
}
|
|
|
|
+ // Check if the previous attempt to create the image failed. If it
|
|
+ // did then the image is broken and we should give up.
|
|
+ if (image->isNull()) {
|
|
+ state = Error;
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
disposePrevious(image);
|
|
disposed = false;
|
|
|