Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-40297

QImage::scaled crashes on images with big width due to internal integer overflow

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: P3: Somewhat important P3: Somewhat important
    • 4.8.7, 5.3.2
    • 4.8.6, 5.3.1
    • GUI: Painting
    • None
    • Windows, Max OS, Linux
    • 0afc80c9225ca9630f627fe1aea3d4fd7f958082 416272fbc4a6b88433eed7f01a37dd77b02b327f

      When scaling images with big width, e.g. (60000x1), there is a crash internally in Qt.
      When no crash happens part of the scaled image is corrupted.

      This is a simple code snippet to reproduce the problem

      QImage img(QSize(60000, 1), QImage::Format_RGB32);
img.fill(Qt::black);
QImage imgScaled = img.scaled(QSize(600, 1), Qt::KeepAspectRatio);
imgScaled.save("a.bmp");

      The crash is due to an integer overflow happening both in internal functions qt_scale_image_16bit and qt_scale_image_32bit (implemented in src/gui/painting/qblendfunctions_p.h) in internal loop when srcx counter is increased.

      The problem affects latest Qt 4 and Qt 5 versions (Qt 5.3.1 and Qt 4.8.6) on all platforms I tested (Windows, Mac, Linux)

        1. main.cpp
          0.2 kB
        2. qtbug40160_stack.txt
          5 kB
        3. qtbug40160.zip
          1 kB
        For Gerrit Dashboard: QTBUG-40297
        # Subject Branch Project Status CR V
        90926,2 Don't convert signed to unsigned when we need all 32bit 5.3 qt/qtbase Status: MERGED +2 0
        91043,2 Don't convert signed to unsigned when we need all 32bit 4.8 qt/qt Status: MERGED +2 0

            allan.jensen Allan Sandfeld Jensen
            mauceri Calogero Mauceri
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes