f1735615f6
we'll update to qt 3.3.7 after the immodule patch has been merged, which should hopefully happen in the middle of november....
58 lines
2.3 KiB
Plaintext
58 lines
2.3 KiB
Plaintext
$OpenBSD: patch-src_kernel_qimage_cpp,v 1.5 2006/10/24 22:39:36 espie Exp $
|
|
--- src/kernel/qimage.cpp.orig Fri Sep 2 14:43:01 2005
|
|
+++ src/kernel/qimage.cpp Tue Oct 24 22:30:51 2006
|
|
@@ -475,7 +475,12 @@ QImage::QImage( uchar* yourdata, int w,
|
|
Endian bitOrder )
|
|
{
|
|
init();
|
|
- if ( w <= 0 || h <= 0 || depth <= 0 || numColors < 0 )
|
|
+ int bpl = ((w*depth+31)/32)*4; // bytes per scanline
|
|
+ if ( w <= 0 || h <= 0 || depth <= 0 || numColors < 0
|
|
+ || INT_MAX / sizeof(uchar *) < uint(h)
|
|
+ || INT_MAX / uint(depth) < uint(w)
|
|
+ || bpl <= 0
|
|
+ || INT_MAX / uint(bpl) < uint(h) )
|
|
return; // invalid parameter(s)
|
|
data->w = w;
|
|
data->h = h;
|
|
@@ -483,7 +488,6 @@ QImage::QImage( uchar* yourdata, int w,
|
|
data->ncols = depth != 32 ? numColors : 0;
|
|
if ( !yourdata )
|
|
return; // Image header info can be saved without needing to allocate memory.
|
|
- int bpl = ((w*depth+31)/32)*4; // bytes per scanline
|
|
data->nbytes = bpl*h;
|
|
if ( colortable || !data->ncols ) {
|
|
data->ctbl = colortable;
|
|
@@ -523,7 +527,10 @@ QImage::QImage( uchar* yourdata, int w,
|
|
Endian bitOrder )
|
|
{
|
|
init();
|
|
- if ( !yourdata || w <= 0 || h <= 0 || depth <= 0 || numColors < 0 )
|
|
+ if ( !yourdata || w <= 0 || h <= 0 || depth <= 0 || numColors < 0
|
|
+ || INT_MAX / sizeof(uchar *) < uint(h)
|
|
+ || INT_MAX / uint(bpl) < uint(h)
|
|
+ )
|
|
return; // invalid parameter(s)
|
|
data->w = w;
|
|
data->h = h;
|
|
@@ -1259,7 +1266,7 @@ bool QImage::create( int width, int heig
|
|
if ( data->ncols != numColors ) // could not alloc color table
|
|
return FALSE;
|
|
|
|
- if ( INT_MAX / depth < width) { // sanity check for potential overflow
|
|
+ if ( INT_MAX / uint(depth) < uint(width) ) { // sanity check for potential overflow
|
|
setNumColors( 0 );
|
|
return FALSE;
|
|
}
|
|
@@ -1272,7 +1279,9 @@ bool QImage::create( int width, int heig
|
|
// #### WWA: shouldn't this be (width*depth+7)/8:
|
|
const int pad = bpl - (width*depth)/8; // pad with zeros
|
|
#endif
|
|
- if (INT_MAX / bpl < height) { // sanity check for potential overflow
|
|
+ if ( INT_MAX / uint(bpl) < uint(height)
|
|
+ || bpl < 0
|
|
+ || INT_MAX / sizeof(uchar *) < uint(height) ) { // sanity check for potential overflow
|
|
setNumColors( 0 );
|
|
return FALSE;
|
|
}
|