Details
Type: Bug
Resolution: Done
Priority: P2: Important
5.7.0
None
Environment: QT 5.7.0 32 bits on Windows 10 (x64)
Commits: 5123dba5640c8a8c25ec61194a703add17510401 (qtbase/5.6, 23.7.2016, 5.6.2)
Description
Analyzing crash reports received from our customers, we detected a crash in QImage::setAlphaChannel, inside the qico plugin (although the plugin does not seem to be the cause).
We have been able to reproduce it with this minimal example. To reproduce the crash, the size of the image should be low enough to successfully create the image and the mask, but not low enough to create the additional QImage needed inside QImage::setAlphaChannel. So, depending on the computer, it may be necessary to increase or decrease the value in the example to make it crash:
#include <QImage>
#include <iostream>

using namespace std;

int main(int argc, char *argv[])
{
    // Tune per machine: image and mask must allocate, but the RGB32 copy made
    // inside setAlphaChannel must fail.
    int value = 20000;

    QImage image(value, value, QImage::Format_Indexed8);
    if (image.isNull()) {
        cout << "Value too high, use a lower one" << endl;
        return 0;
    }

    QImage mask(image.width(), image.height(), QImage::Format_Mono);
    if (mask.isNull()) {
        cout << "Value too high, use a lower one" << endl;
        return 0;
    }

    image.setAlphaChannel(mask);
    cout << "The app should have crashed, try a bigger value." << endl;
    return 0;
}
The crash happens exactly at line 4237 of qimage.cpp:
    } else {
        const QImage sourceImage = alphaChannel.convertToFormat(QImage::Format_RGB32);
        const uchar *src_data = sourceImage.d->data;   // <---- HERE
        uchar *dest_data = d->data;
        for (int y=0; y<h; ++y) {
sourceImage is a null image returned by alphaChannel.convertToFormat, so the app crashes trying to access sourceImage.d->data, because sourceImage.d is NULL.
Something like this (similar to the check 25 lines above) should fix the problem:
    const QImage sourceImage = alphaChannel.convertToFormat(QImage::Format_RGB32);
    if (sourceImage.isNull())
        return;
Thank you for your attention.
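The failure mode described in the report, as an added example that is neither Qt's code nor the reporter's: a small stand-in for QImage's d-pointer layout in which a conversion that cannot allocate returns a null image, the pre-fix pattern that dereferences that image's `d` pointer unconditionally, and the isNull() check the report proposes. The `Image` class, the 1 MiB allocation cap standing in for an out-of-memory condition, and the 1-byte-per-pixel mask (instead of Format_Mono) are assumptions made for the demo; the sizes are constructed so that the image and mask allocate but the 4-byte-per-pixel conversion does not.

```cpp
// Added example (not Qt's code): a minimal model of QImage's d-pointer layout
// showing why `sourceImage.d->data` crashes when convertToFormat() returns a
// null image, and the isNull() check that prevents it.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Assumption: a hard allocation cap stands in for the out-of-memory condition
// the report triggers with a 20000x20000 image.
static const size_t kMaxBytes = 1u << 20;  // 1 MiB

struct ImageData {
    int width = 0, height = 0, bytesPerPixel = 0;
    std::vector<uint8_t> data;
};

class Image {
public:
    Image() = default;  // null image: d stays empty, like QImage::d == nullptr
    Image(int w, int h, int bpp) {
        const size_t need = static_cast<size_t>(w) * static_cast<size_t>(h) * bpp;
        if (w <= 0 || h <= 0 || need > kMaxBytes) return;  // "allocation failed": remain null
        d = std::make_shared<ImageData>();
        d->width = w; d->height = h; d->bytesPerPixel = bpp;
        d->data.assign(need, 0);
    }
    bool isNull() const { return !d; }
    int width() const { return d ? d->width : 0; }
    int height() const { return d ? d->height : 0; }
    void fill(uint8_t v) { if (d) std::fill(d->data.begin(), d->data.end(), v); }
    uint8_t byteAt(size_t i) const { return d ? d->data.at(i) : 0; }

    // Models alphaChannel.convertToFormat(QImage::Format_RGB32): a fresh
    // 4-byte-per-pixel (BGRA) allocation that can fail and come back null.
    Image toRGB32() const {
        if (isNull()) return Image();
        Image out(d->width, d->height, 4);
        if (out.isNull()) return out;
        for (size_t p = 0; p < d->data.size(); ++p) {
            const uint8_t v = d->data[p];
            out.d->data[4 * p] = v; out.d->data[4 * p + 1] = v;
            out.d->data[4 * p + 2] = v; out.d->data[4 * p + 3] = 0xFF;
        }
        return out;
    }

    // Pattern from the report (qimage.cpp before the fix): the converted image
    // is dereferenced unconditionally. If toRGB32() came back null this is a
    // null-pointer dereference, so never call it on an oversized image.
    bool setAlphaChannelUnchecked(const Image &alpha) {
        if (isNull() || alpha.width() != width() || alpha.height() != height()) return false;
        const Image src = alpha.toRGB32();
        const uint8_t *srcData = src.d->data.data();  // <-- crashes when src.d is null
        copyAlpha(srcData);
        return true;
    }

    // Fixed pattern proposed in the report: bail out on a null conversion.
    bool setAlphaChannelChecked(const Image &alpha) {
        if (isNull() || alpha.width() != width() || alpha.height() != height()) return false;
        const Image src = alpha.toRGB32();
        if (src.isNull()) return false;  // the missing check
        copyAlpha(src.d->data.data());
        return true;
    }

private:
    // Takes the red byte of each BGRA source pixel (the gray level of the
    // alpha image) as the first byte of each destination pixel.
    void copyAlpha(const uint8_t *srcData) {
        const size_t pixels = static_cast<size_t>(d->width) * d->height;
        for (size_t p = 0; p < pixels; ++p) d->data[p * d->bytesPerPixel] = srcData[4 * p + 2];
    }
    std::shared_ptr<ImageData> d;
};

// Small image: both the mask and its RGB32 conversion fit under the cap.
bool smallImageGetsAlpha() {
    Image image(16, 16, 1);
    Image mask(16, 16, 1);
    mask.fill(0x80);
    return image.setAlphaChannelChecked(mask) && image.byteAt(0) == 0x80
           && image.byteAt(16 * 16 - 1) == 0x80;
}

// The report's condition: image and mask allocate (600*600*1 bytes each), but
// the RGB32 conversion (600*600*4 bytes) exceeds the cap and comes back null.
bool oversizedConversionIsRejected() {
    Image image(600, 600, 1);
    Image mask(600, 600, 1);
    if (image.isNull() || mask.isNull()) return false;  // cap too low for the demo
    return mask.toRGB32().isNull() && !image.setAlphaChannelChecked(mask);
}

int main() {
    std::printf("small image: %s\n", smallImageGetsAlpha() ? "alpha applied" : "FAILED");
    std::printf("oversized mask: %s\n", oversizedConversionIsRejected() ? "rejected safely" : "FAILED");
    // setAlphaChannelUnchecked(mask) on the 600x600 case would dereference a null d pointer.
    return 0;
}
```

The same check belongs wherever a QImage is produced by a call that may allocate (convertToFormat, copy, scaled, and the image constructors themselves): a null result is the library's only signal that allocation failed, and every use of the d pointer behind it has to be preceded by an isNull() test, as the existing check 25 lines earlier in qimage.cpp already does.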