summaryrefslogtreecommitdiff
path: root/extra/qt4/CVE-2014-0190.patch
diff options
context:
space:
mode:
Diffstat (limited to 'extra/qt4/CVE-2014-0190.patch')
-rw-r--r--extra/qt4/CVE-2014-0190.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/extra/qt4/CVE-2014-0190.patch b/extra/qt4/CVE-2014-0190.patch
new file mode 100644
index 000000000..e97ee7bf0
--- /dev/null
+++ b/extra/qt4/CVE-2014-0190.patch
@@ -0,0 +1,32 @@
+Don't crash on broken GIF images
+
+Broken GIF images could set invalid width and height
+values inside the image, leading to Qt creating a null
+QImage for it. In that case we need to abort decoding
+the image and return an error.
+
+Initial patch by Rich Moore.
+
+Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
+
+Task-number: QTBUG-38367
+Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
+Security-advisory: CVE-2014-0190
+
+diff -up qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp
+--- qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 2014-04-10 13:37:12.000000000 -0500
++++ qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp 2014-04-24 15:58:54.515862458 -0500
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
+ memset(bits, 0, image->byteCount());
+ }
+
++ // Check if the previous attempt to create the image failed. If it
++ // did then the image is broken and we should give up.
++ if (image->isNull()) {
++ state = Error;
++ return -1;
++ }
++
+ disposePrevious(image);
+ disposed = false;
+
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-19 21:31:54 +0000