1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Description: reject broken MNG images
Origin: upstream, https://codereview.qt-project.org/c/qt/qtbase/+/303313
For backport to Qt 5.15, add these checks directly to qtimageformats, not qtbase.
Last-Update: 2024-10-28
--- a/src/plugins/imageformats/mng/mng.pro
+++ b/src/plugins/imageformats/mng/mng.pro
@@ -1,5 +1,6 @@
TARGET = qmng
+QT += gui-private
HEADERS += qmnghandler_p.h
SOURCES += main.cpp \
qmnghandler.cpp
--- a/src/plugins/imageformats/mng/qmnghandler.cpp
+++ b/src/plugins/imageformats/mng/qmnghandler.cpp
@@ -42,6 +42,7 @@
#include "qimage.h"
#include "qvariant.h"
#include "qcolor.h"
+#include <private/qimage_p.h>
#define MNG_USE_SO
#include <libmng.h>
@@ -247,6 +248,16 @@ mng_bool QMngHandlerPrivate::processHead
{
if (mng_set_canvasstyle(hMNG, iStyle) != MNG_NOERROR)
return MNG_FALSE;
+ QImageData::ImageSizeParameters szp =
+ QImageData::calculateImageParameters(iWidth, iHeight, 32);
+ if (!szp.isValid())
+ return MNG_FALSE;
+ // 256 MB is enough for an 8K 64bpp image
+ if (szp.totalSize > 256 << 20) {
+ qWarning("QMngHandler: Rejecting image as it exceeds the current "
+ "allocation limit of 256 megabytes");
+ return MNG_FALSE;
+ }
image = QImage(iWidth, iHeight, QImage::Format_ARGB32);
image.fill(0);
return MNG_TRUE;
|
