1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: fix buffer overflow in XBM parser
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c71921b73b22
Last-Update: 2020-08-18
---
src/gui/image/qxbmhandler.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/src/gui/image/qxbmhandler.cpp
+++ b/src/gui/image/qxbmhandler.cpp
@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *dev
w = (w+7)/8; // byte width
while (y < h) { // for all encoded bytes...
- if (p) { // p = "0x.."
+ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
+ if (!isxdigit(p[2]) || !isxdigit(p[3]))
+ return false;
*b++ = hex2byte(p+2);
p += 2;
if (++x == w && ++y < h) {
|
