PKGBUILDs/extra/qt5/CVE-2015-1860.patch
2015-05-14 13:36:46 +00:00

30 lines
940 B
Diff

From d3048a29797ee2d80d84bbda26bb3c954584f332 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date: Wed, 11 Mar 2015 09:00:41 +0100
Subject: Fixes crash in gif image decoder
Fuzzing test revealed that for certain malformed gif files,
qgifhandler would segfault.
Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
Reviewed-by: Richard J. Moore <rich@kde.org>
---
src/gui/image/qgifhandler.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
index 03e46ab..8d8c4ae 100644
--- a/src/gui/image/qgifhandler.cpp
+++ b/src/gui/image/qgifhandler.cpp
@@ -936,6 +936,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
void QGIFFormat::nextY(unsigned char *bits, int bpl)
{
+ if (out_of_bounds)
+ return;
int my;
switch (interlace) {
case 0: // Non-interlaced
--
cgit v0.11.0