Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P2: Important
Fix Version/s: 5.12.1, 5.12.2
Affects Version/s: 5.12.0 Alpha, 5.12.0 Beta 1, 5.12.0 Beta 2, 5.12.0 Beta 3, 5.12.0 Beta 4, 5.12.0 RC, 5.12.0 RC2, 5.12.0
Component/s: GUI: Painting
Labels:
None

Platform/s:

Windows
Commits:
d1cafa3ebac00f60cab3ca2beed6ebf2e6579a94 (qt/qtbase/5.12)

Description

When imageFromWinHBITMAP_GetDiBits is processing a bitmap which has bit depth != 32 bits AND forceQuads=true, it fails to allocate the correct size of memory to hold the entire image and GetDIBits causes a buffer overflow.

The problem occurs because the function modifies the biBitCount to be 32 but does not change the biSizeImage, therefore it only allocates as much memory to hold the unconverted bitmap. When the buffer is given to GetDIBits, it writes more bytes due to the conversion to 32 bits.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

qtbug72343_diag.diff
2 kB
11 Dec '18 14:23
qtbug72343_log.txt
0.3 kB
11 Dec '18 14:28
qtbug72343_stack.txt
4 kB
11 Dec '18 13:26
qtbug72343.zip
1 kB
12 Dec '18 09:33

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Friedemann Kleint

Reporter:: Konstantinos

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06 Dec '18 07:04

Updated:: 08 Jan '19 12:30

Resolved:: 12 Dec '18 20:35

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

qt_imageFromWinHBITMAP(): Fix memory corruption when converting from bitmaps with low depths: Gerrit Review: