1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
Description: fix validation issue for ICNS image
The header validation logic could trigger an assert when an invalid ICNS
image was loaded. This patch fixes the validation logic.
Origin: upstream, https://code.qt.io/cgit/qt/qtimageformats.git/commit/?id=efd332516f510144
Last-Update: 2025-06-06
--- a/src/plugins/imageformats/icns/qicnshandler.cpp
+++ b/src/plugins/imageformats/icns/qicnshandler.cpp
@@ -359,8 +359,11 @@ static inline bool isPowOf2OrDividesBy16
static inline bool isBlockHeaderValid(const ICNSBlockHeader &header, quint64 bound = 0)
{
- return header.ostype != 0 && (bound == 0
- || qBound(quint64(ICNSBlockHeaderSize), quint64(header.length), bound) == header.length);
+ return header.ostype != 0 &&
+ (bound == 0 ||
+ // qBound can be used but requires checking the limits first
+ // this requires less operations
+ (ICNSBlockHeaderSize <= header.length && header.length <= bound));
}
static inline bool isIconCompressed(const ICNSEntry &icon)
@@ -899,7 +902,7 @@ bool QICNSHandler::scanDevice()
return false;
const qint64 blockDataOffset = device()->pos();
- if (!isBlockHeaderValid(blockHeader, ICNSBlockHeaderSize + filelength - blockDataOffset)) {
+ if (!isBlockHeaderValid(blockHeader, ICNSBlockHeaderSize - blockDataOffset + filelength)) {
qWarning("QICNSHandler::scanDevice(): Failed, bad header at pos %s. OSType \"%s\", length %u",
QByteArray::number(blockDataOffset).constData(),
nameFromOSType(blockHeader.ostype).constData(), blockHeader.length);
|
