Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.11.3, 5.12.0 RC
Affects Version/s: 5.12.0 Beta 2
Component/s: GUI: Painting
Labels:
None

Description

A malformed picture causes qChecksum() to SIGSEGV. The cause of the
segmentation fault is a buffer over-read. This happens when the picture is
first loaded and then the format of the picture is checked using
QPicturePrivate::checkFormat() function. This function uses qChecksum()
function to calculate the checksum of the picture and compare if the returned
CRC-16 checksum is valid. However the malformed picture causes a crash in a
qChecksum() function before the actual checksum validation is made.

The attachment contain everything needed to reproduce.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

crash.pic
0.0 kB
17 Oct '18 11:47
qpicture-crash.cpp
0.3 kB
17 Oct '18 11:47

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-71208
#	Subject	Branch	Project	Status	CR	V
243022,2	QPicture: fix crash for malformed picture	5.11	qt/qtbase	Status: MERGED	+2	0

Activity

People

Assignee:: Eirik Aavitsland

Reporter:: Erkki Esimerkki

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17 Oct '18 11:52

Updated:: 27 Nov '18 14:05

Resolved:: 27 Nov '18 14:05

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

QPicture: fix crash for malformed picture: Gerrit Review: