ico image handler: check for out of range image size

Make the decoder fail early to avoid spending time and memory on attempting to decode a corrupt image file. Change-Id: I598db817c387867a449040f5be5427c8b8746483 Reviewed-by: Lars Knoll <[email protected]>
StrataSource · Dec 3, 2018 · 4931973 · 4931973
1 parent 416b4cf
commit 4931973
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp
@@ -506,6 +506,8 @@ QImage ICOReader::iconAt(int index)
                 icoAttrib.h = iconEntry.bHeight;
                 if (icoAttrib.h == 0) // means 256 pixels
                     icoAttrib.h = header.biHeight/2;
+                if (icoAttrib.w > 256 || icoAttrib.h > 256) // Max ico size
+                    return img;
 
                 QImage::Format format = QImage::Format_ARGB32;
                 if (icoAttrib.nbits == 24)