Bug
Resolution: Done
P1: Critical
4.5.3
None
dfceed4535110d345b89658729b66bbdb2c3d7ca
A potential crash exists in the QImage::createAlphaMask() function. The crash will occur if the function is executed along the following code path (line numbers refer to the Qt 4.5.3 code):
qimage.cpp : 4089 : QImage mask(d->width, d->height, Format_MonoLSB);
qimage.cpp : 831 : d = QImageData::create(QSize(width, height), format, 0);
qimage.cpp : 246 : memory allocation failure on d->data = (uchar *)malloc(d->nbytes), d->data is null
qimage.cpp : 250 : QImageData::create() returns null
qimage.cpp : 831 : on QImage constructor exit, we have created a null QImage
qimage.cpp : 4090 : call dither_to_Mono(mask.d, d, flags, true) with mask.d == null
qimage.cpp : 2321 : crash caused by invalid access to src in Q_ASSERT(src->width == dst->width)
The issue is fixed by replacing lines 4089/4090 with:
    QImage mask(d->width, d->height, Format_MonoLSB);
    // Allocation failed inside the constructor: mask.d is null, so stop here.
    if (mask.isNull())
        return QImage();
    dither_to_Mono(mask.d, d, flags, true);
Looking at the current code, the issue exists in the 4.6.0 code too.
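The failure path described in this report can be reproduced deterministically with an injected allocator. The following is an added example, not Qt source code and not part of the original report; ImageData, Image, dither_stub, create_alpha_mask and the allocator hooks are hypothetical stand-ins for the Qt types and functions named above.

```cpp
// Simplified stand-in for the pattern in the report; hypothetical names, not Qt source.
#include <cstddef>
#include <cstdlib>
#include <cstring>
typedef void *(*AllocFn)(std::size_t);
static void *real_alloc(std::size_t n) { return std::malloc(n); }
static void *failing_alloc(std::size_t) { return nullptr; }  // simulated malloc() failure
struct ImageData {
    int width, height;
    std::size_t nbytes;
    unsigned char *data;
    // Like the reported path: returns null when the pixel buffer cannot be allocated.
    static ImageData *create(int w, int h, AllocFn alloc) {
        if (w <= 0 || h <= 0) return nullptr;
        ImageData *d = new ImageData;
        d->width = w; d->height = h;
        d->nbytes = static_cast<std::size_t>((w + 7) / 8) * h;  // 1 bit per pixel
        d->data = static_cast<unsigned char *>(alloc(d->nbytes));
        if (!d->data) { delete d; return nullptr; }
        return d;
    }
};

struct Image {
    ImageData *d;
    Image() : d(nullptr) {}
    Image(int w, int h, AllocFn alloc) : d(ImageData::create(w, h, alloc)) {}
    Image(Image &&o) : d(o.d) { o.d = nullptr; }  // move-only, so d is freed once
    ~Image() { if (d) { std::free(d->data); delete d; } }
    bool isNull() const { return d == nullptr; }
};

// Stand-in for the dithering helper: uses both pointers without a null check.
static void dither_stub(ImageData *dst, const ImageData *src) {
    std::memset(dst->data, src->width > 0 ? 0xff : 0x00, dst->nbytes);
}

// Guarded caller: a failed allocation yields a null Image instead of a crash.
Image create_alpha_mask(const Image &src, AllocFn alloc) {
    if (src.isNull()) return Image();
    Image mask(src.d->width, src.d->height, alloc);
    if (mask.isNull()) return Image();  // the check the report adds
    dither_stub(mask.d, src.d);
    return mask;
}

int main() {
    Image src(16, 16, real_alloc);
    return create_alpha_mask(src, failing_alloc).isNull() ? 0 : 1;
}
```

Removing the mask.isNull() line and running with failing_alloc makes dither_stub dereference a null pointer, which is the crash the report describes.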