Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: QSR 3.0
Affects Version/s: QSR 3.0
Component/s: Runtime
Labels:
None

Commits:
b846d96a0 (dev)

Description

Function scanline in QSafeBitmapResource takes signed values, which can lead to uninformed programmer to give a negative value that the function does not check for:

const ARGB *QSafeBitmapResource::scanline(const qint32 pixelRow) const
{
    const bool isAccessOK = (m_data != nullptr) && (pixelRow < height());
    const ARGB *argbPtr = nullptr;
    if (isAccessOK) {
        // AXIVION Next Line MisraC++2023-8.2.5: Unavoidable cast to unrelated pointer type. The m_data is 4-byte aligned and is safe to convert to ARGB.
        argbPtr = reinterpret_cast<const ARGB*>(&m_data[pixelRow * width()]);
    }
    return argbPtr;
}

Either make pixelRow a quint32, or add a lower bound check for it.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QSR-2808
#	Subject	Branch	Project	Status	CR	V
643515,3	Add lower bound check to QSafeBitmap::scanline()	dev	tqtc-boot2qt/qtsaferenderer-runtime	Status: MERGED	+2	0

Activity

People

Assignee:: Jussi Witick

Reporter:: Jussi Witick

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22 Apr '25 10:47

Updated:: 15 May '25 07:29

Resolved:: 15 May '25 07:29

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

Add lower bound check to QSafeBitmap::scanline(): Gerrit Review: