[QTBUG-71208] QPicture crashes on malformed picture - Qt Bug Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P1: Critical
Resolution: Done
Affects Version/s: 5.12.0 Beta 2
Fix Version/s: 5.11.3, 5.12.0 RC
Component/s: GUI: Painting
Labels:
None

Description

A malformed picture causes qChecksum() to SIGSEGV. The cause of the
segmentation fault is a buffer over-read. This happens when the picture is
first loaded and then the format of the picture is checked using
QPicturePrivate::checkFormat() function. This function uses qChecksum()
function to calculate the checksum of the picture and compare if the returned
CRC-16 checksum is valid. However the malformed picture causes a crash in a
qChecksum() function before the actual checksum validation is made.

The attachment contain everything needed to reproduce.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Attachments

qpicture-crash.cpp
0.3 kB
17 Oct '18 11:47
crash.pic
0.0 kB
17 Oct '18 11:47

Options
- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

Gerrit Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Eirik Aavitsland

Reporter:: Erkki Esimerkki

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17 Oct '18 11:52

Updated:: 27 Nov '18 14:05

Resolved:: 27 Nov '18 14:05

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

QPicture: fix crash for malformed picture: Gerrit Review: