Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-40297

QImage::scaled crashes on images with big width due to internal integer overflow

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P3: Somewhat important
    • 4.8.7, 5.3.2
    • 4.8.6, 5.3.1
    • GUI: Painting
    • None
    • Windows, Max OS, Linux
    • 0afc80c9225ca9630f627fe1aea3d4fd7f958082 416272fbc4a6b88433eed7f01a37dd77b02b327f

    Description

      When scaling images with big width, e.g. (60000x1), there is a crash internally in Qt.
      When no crash happens part of the scaled image is corrupted.

      This is a simple code snippet to reproduce the problem

      QImage img(QSize(60000, 1), QImage::Format_RGB32);
img.fill(Qt::black);
QImage imgScaled = img.scaled(QSize(600, 1), Qt::KeepAspectRatio);
imgScaled.save("a.bmp");

      The crash is due to an integer overflow happening both in internal functions qt_scale_image_16bit and qt_scale_image_32bit (implemented in src/gui/painting/qblendfunctions_p.h) in internal loop when srcx counter is increased.

      The problem affects latest Qt 4 and Qt 5 versions (Qt 5.3.1 and Qt 4.8.6) on all platforms I tested (Windows, Mac, Linux)

      Attachments

        1. main.cpp
          0.2 kB
        2. qtbug40160_stack.txt
          5 kB
        3. qtbug40160.zip
          1 kB
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            allan.jensen Allan Sandfeld Jensen
            mauceri Calogero Mauceri
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes