Skip to content

Commit

Permalink
bmp image handler: check for out of range image size
Browse files Browse the repository at this point in the history 
Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.

Change-Id: I874e04f3b43122d73f8e58c7a5bcc4a741b68264
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
  • Loading branch information
@aavit
aavit committed Sep 11, 2018
1 parent 1f1e2aa commit 621ab8a
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/gui/image/qbmphandler.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,8 @@ static bool read_dib_infoheader(QDataStream &s, BMP_INFOHDR &bi)
if (!(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) ||
(nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)))
return false; // weird compression type
if (bi.biWidth < 0 || quint64(bi.biWidth) * qAbs(bi.biHeight) > 16384 * 16384)
return false;

return true;
}
Expand Down

1 comment on commit 621ab8a

@alexdupre
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aavit Why this check?! BMP files can surely exceeds 16k x 16k pixels. Width & Height are specified as signed 32 bit integer (so no practical limit), while the file/image sizes are unsigned 32 bit integers, so the only standard pratical limit is 4GB file. Actually it's common practice to set file/image sizes to 0 (zero) for BMP bigger than 4GB.

Please sign in to comment.