Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-24711

CRASH: QMacPixmapData::copy

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.8.3
    • 4.8.0
    • Image formats
    • None
    • 3b7edefb5b8a3dd6b1b53af4039cf1a862cd0aed

    Description

      QMacPixmapData::copy copies image data with our ever checking of the resize operation was successful.

      If the allocation fails (see https://bugreports.qt-project.org/browse/QTBUG-24710) this code is going to crash because dest is NULL.

          resize(rect.width(), rect.height());
    ....
    char *dest = reinterpret_cast<char*>(pixels);
    const char *src = reinterpret_cast<const char*>(macData->pixels + x) + y * macData->bytesPerRow;
    for (int i = 0; i < h; ++i) {
        memcpy(dest, src, w * 4);          // BOOM!
        dest += bytesPerRow;
        src += macData->bytesPerRow;
    }

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            andysh Andy Shaw
            andreasloew Andreas Loew
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes