Details
Type: Bug
Status: Closed
Priority: P3: Somewhat important
Resolution: Done
Affects Version/s: 5.12.0
Fix Version/s: 5.13.0 Alpha 1
Component/s: GUI: Painting
Labels: None
Platform/s:
Description
The attached code fails to fill the whole image with white because 46341 * 46341 is bigger than MAX_INT
The overflow happens in qtbase/src/gui/painting/qdrawhelper_p.h:940:58
qt_memfill(reinterpret_cast<T*>(d), value, width * height);
Found while fuzzing kimageformats.
You may want to mention oss-fuzz/12762, which is the bug number assigned to it. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12762 (Will be public in 90 days)
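The arithmetic behind this report, as an added illustration (not code from the report or from Qt): 46341 * 46341 = 2147488281, which exceeds INT_MAX (2147483647), so an int-typed width * height no longer represents the pixel count. The helpers below are hypothetical and assume a one-byte-per-pixel buffer held in a std::vector; they show the wrapped value the product becomes and a checked count that refuses to fill when the product cannot be represented, instead of passing a wrapped length to the fill.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// What the expression `width * height` turns into once it wraps at 32 bits.
// Done in unsigned arithmetic so the wrap is well defined here; in the reported
// code the multiplication is on signed int, where overflow is undefined
// behaviour and in practice yields this same negative value.
int32_t wrappedPixelCount(int width, int height) {
    uint32_t product = static_cast<uint32_t>(width) * static_cast<uint32_t>(height);
    return static_cast<int32_t>(product);
}

// Overflow-checked pixel count (hypothetical helper): returns true and sets
// *count only when width * height fits in an int, the type the original
// multiplication used; returns false for non-positive sizes or overflow.
bool checkedPixelCount(int width, int height, std::size_t *count) {
    if (width <= 0 || height <= 0)
        return false;
    if (width > INT_MAX / height)   // width * height would exceed INT_MAX
        return false;
    *count = static_cast<std::size_t>(width) * static_cast<std::size_t>(height);
    return true;
}

// Hardened fill (hypothetical): refuses to touch memory when the pixel count
// cannot be represented or the buffer is smaller than the image claims to be,
// rather than filling a wrapped count that is too short or negative.
bool fillWhiteChecked(std::vector<uint8_t> &pixels, int width, int height) {
    std::size_t count;
    if (!checkedPixelCount(width, height, &count))
        return false;
    if (count > pixels.size())
        return false;
    std::memset(pixels.data(), 0xFF, count);
    return true;
}

// Number of 0xFF bytes in the buffer, so a caller can verify the whole
// image was actually filled.
std::size_t countWhite(const std::vector<uint8_t> &pixels) {
    std::size_t n = 0;
    for (uint8_t b : pixels)
        if (b == 0xFF)
            ++n;
    return n;
}
```

46340 * 46340 = 2147395600 still fits, so 46341 is exactly the first square dimension at which an int product wraps; the check `width > INT_MAX / height` rejects it without ever evaluating the overflowing product.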