Репозитории ALT
S: | 4.8.7-alt25 |
5.1: | 4.6.3-alt1.M51.1 |
4.1: | 4.4.3-alt1.M41.1 |
4.0: | 4.3.4-alt5.M40.1 |
3.0: | 4.0.1-alt1 |
+updates: | 4.0.1-alt2 |
+backports: | 4.2.3-alt7.1.M30 |
Группа :: Система/Библиотеки
Пакет: qt4
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: CVE-2018-19873.patch
Скачать
Скачать
From 621ab8ab59901cc3f9bd98be709929c9eac997a8 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Tue, 4 Sep 2018 11:08:06 +0200
Subject: [PATCH] bmp image handler: check for out of range image size
Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.
Change-Id: I874e04f3b43122d73f8e58c7a5bcc4a741b68264
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
---
src/gui/image/qbmphandler.cpp | 2 ++
1 file changed, 2 insertions(+)
--- a/src/gui/image/qbmphandler.cpp
+++ b/src/gui/image/qbmphandler.cpp
@@ -181,6 +181,8 @@
if (!(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) ||
(nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)))
return false; // weird compression type
+ if (bi.biWidth < 0 || quint64(bi.biWidth) * qAbs(bi.biHeight) > 16384 * 16384)
+ return false;
return true;
}