Details
-
Bug
-
Resolution: Done
-
P2: Important
-
5.12.0 Alpha, 5.12.0 Beta 1, 5.12.0 Beta 2, 5.12.0 Beta 3, 5.12.0 Beta 4, 5.12.0 RC, 5.12.0 RC2, 5.12.0
-
None
-
-
d1cafa3ebac00f60cab3ca2beed6ebf2e6579a94 (qt/qtbase/5.12)
Description
When imageFromWinHBITMAP_GetDiBits is processing a bitmap which has bit depth != 32 bits AND forceQuads=true, it fails to allocate the correct size of memory to hold the entire image and GetDIBits causes a buffer overflow.
The problem occurs because the function modifies the biBitCount to be 32 but does not change the biSizeImage, therefore it only allocates as much memory to hold the unconverted bitmap. When the buffer is given to GetDIBits, it writes more bytes due to the conversion to 32 bits.
Attachments
For Gerrit Dashboard: QTBUG-72343 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
248013,3 | qt_imageFromWinHBITMAP(): Fix memory corruption when converting from bitmaps with low depths | 5.12 | qt/qtbase | Status: MERGED | +2 | 0 |