Qt / QTBUG-72343

imageFromWinHBITMAP_GetDiBits heap corruption

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.12.1, 5.12.2
    • 5.12.0 Alpha, 5.12.0 Beta 1, 5.12.0 Beta 2, 5.12.0 Beta 3, 5.12.0 Beta 4, 5.12.0 RC, 5.12.0 RC2, 5.12.0
    • GUI: Painting
    • None
    • Windows
    • d1cafa3ebac00f60cab3ca2beed6ebf2e6579a94 (qt/qtbase/5.12)

      When imageFromWinHBITMAP_GetDiBits is processing a bitmap which has bit depth != 32 bits AND forceQuads=true, it fails to allocate the correct size of memory to hold the entire image and GetDIBits causes a buffer overflow.

      The problem occurs because the function modifies the biBitCount to be 32 but does not change the biSizeImage; therefore, it only allocates enough memory to hold the unconverted bitmap. When the buffer is given to GetDIBits, it writes more bytes due to the conversion to 32 bits.
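      The size arithmetic behind this report, as an added example that is not Qt's code and not the fix that was committed: it models only the header fields named above with a portable stand-in struct, does not call GetDIBits, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Portable stand-in for the BITMAPINFOHEADER fields named in the report. */
typedef struct {
    int32_t  biWidth;
    int32_t  biHeight;      /* negative means a top-down DIB */
    uint16_t biBitCount;
    uint32_t biSizeImage;
} dib_header;

/* Bytes for an uncompressed DIB (rows padded to 4 bytes); 0 if invalid. */
size_t dib_required_bytes(int32_t width, int32_t height, uint16_t bit_count)
{
    if (width <= 0 || height == 0 || bit_count == 0 || bit_count > 32)
        return 0;
    uint64_t rows   = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    uint64_t stride = (((uint64_t)width * bit_count + 31) / 32) * 4;
    if (stride > UINT32_MAX / rows)      /* must fit in biSizeImage */
        return 0;
    return (size_t)(stride * rows);
}

/* Pattern from the report: depth forced to 32, biSizeImage left stale. */
size_t stale_alloc_size(dib_header *h)
{
    h->biBitCount = 32;
    return h->biSizeImage;               /* still sized for the source depth */
}

/* Hardened pattern: recompute the size after changing the depth. */
size_t recomputed_alloc_size(dib_header *h)
{
    h->biBitCount = 32;
    h->biSizeImage = (uint32_t)dib_required_bytes(h->biWidth, h->biHeight, 32);
    return h->biSizeImage;               /* 0 means: refuse to allocate */
}

int main(void)
{
    /* Constructed sample: 100x50 bitmap reported by the system as 24 bpp. */
    dib_header a = {100, 50, 24, 15000}, b = a;
    size_t stale = stale_alloc_size(&a), good = recomputed_alloc_size(&b);
    printf("stale=%zu needed=%zu shortfall=%zu\n", stale, good, good - stale);
    return 0;
}
```

      For the constructed 100x50 sample, the stale size is 5000 bytes short of what a 32-bit conversion writes, and the gap grows as the source depth drops.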

        1. qtbug72343_stack.txt (4 kB, Friedemann Kleint)
        2. qtbug72343_diag.diff (2 kB, Friedemann Kleint)
        3. qtbug72343_log.txt (0.3 kB, Friedemann Kleint)
        4. qtbug72343.zip (1 kB, Friedemann Kleint)
            kleint Friedemann Kleint
            konstantinos Konstantinos