Details
- Bug
- Resolution: Done
- P3: Somewhat important
- 5.12.0
- None
Description
The attached code fails to fill the whole image with white because 46341 * 46341 is bigger than MAX_INT.
The overflow happens in qtbase/src/gui/painting/qdrawhelper_p.h:940:58:
qt_memfill(reinterpret_cast<T*>(d), value, width * height);
Found while fuzzing kimageformats.
You may want to mention oss-fuzz/12762, which is the bug number assigned to it: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12762 (will be public in 90 days).
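To illustrate the arithmetic behind this report, the following is an added example and not code from Qt or from the attached reproducer: it shows the 32-bit wraparound of `46341 * 46341`, and a checked count computation that a hardened caller of a memfill-style routine could use (`pixel_count_fits_int` and `fill_white` are hypothetical helpers; the fill is a stand-in on a `std::vector`, not `qt_memfill`).

```cpp
#include <algorithm>
#include <climits>
#include <cstdint>
#include <vector>

// Hypothetical checked replacement for the bare `width * height` expression.
// Computes the product in 64 bits and returns false when it does not fit the
// 32-bit int that the original expression is evaluated in; *count is only
// written on success.
bool pixel_count_fits_int(int width, int height, int64_t *count) {
    if (width < 0 || height < 0)
        return false;
    int64_t wide = int64_t(width) * int64_t(height); // cannot overflow for int inputs
    if (wide > INT_MAX)
        return false;
    *count = wide;
    return true;
}

// What the unchecked int multiplication yields after two's-complement
// wraparound. Computed in unsigned arithmetic so that this demonstration is
// itself well-defined (signed overflow in the original is undefined behaviour).
int32_t wrapped_pixel_count(int width, int height) {
    uint32_t wrapped = uint32_t(width) * uint32_t(height);
    return int32_t(wrapped);
}

// Stand-in for a fill of `width * height` white pixels: refuses to proceed
// unless the element count is representable and the buffer is large enough.
bool fill_white(std::vector<uint8_t> &pixels, int width, int height) {
    int64_t count = 0;
    if (!pixel_count_fits_int(width, height, &count))
        return false;
    if (count > int64_t(pixels.size()))
        return false;
    std::fill_n(pixels.begin(), size_t(count), uint8_t(0xFF));
    return true;
}
```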