diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-10-25 14:43:09 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-11-08 15:20:13 +0000 |
commit | 124536b7d40c3fbfe2f827ef8ca5410c399142d7 (patch) | |
tree | 12bb6488f140d90fae8e7b1c45252176e343c65f | |
parent | 2e00eaa330a988ec62b252c5e61b9562d7961863 (diff) | |
download | qtsvg-124536b7d40c3fbfe2f827ef8ca5410c399142d7.tar.gz |
SVG Image reading: Reject oversize svgs as corrupt
Add an upper limit for height and width at 0xffff, same as jpeg.
Fixes: QTBUG-95891
Change-Id: I0dbc80dab3aab9b4743548772fb63fa69ea21f8a
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit e544d8e457d52b543cae5c988f81237c7d6608da)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/plugins/imageformats/svg/qsvgiohandler.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/imageformats/svg/qsvgiohandler.cpp b/src/plugins/imageformats/svg/qsvgiohandler.cpp index 3e338b3..309e892 100644 --- a/src/plugins/imageformats/svg/qsvgiohandler.cpp +++ b/src/plugins/imageformats/svg/qsvgiohandler.cpp @@ -184,6 +184,8 @@ bool QSvgIOHandler::read(QImage *image) if (finalSize.isEmpty()) { *image = QImage(); } else { + if (qMax(finalSize.width(), finalSize.height()) > 0xffff) + return false; // Assume corrupted file if (!QImageIOHandler::allocateImage(finalSize, QImage::Format_ARGB32_Premultiplied, image)) return false; image->fill(d->backColor.rgba()); |